The attorney-client privilege is sacrosanct, but its protections are eroding. Always narrowly construed, its zone of protection is becoming even smaller, particularly for in-house counsel. This is due to organizations’ inability to address the impact that technological innovations have had on the privilege. In many instances, new and disruptive technologies are assaulting the privilege as a result of unsuspecting corporate practices. This Article details how technology advancements coupled with heightened judicial scrutiny have chipped away at the protections the privilege affords to internal counsel. The historical basis for increased court scrutiny of in-house counsel’s privilege claims is detailed. With respect to technology, e-mail is spotlighted as a principal causation element in this process.[1] In addition, the Article explores how social networking sites, cloud computing, and corporate “bring your own device” policies all have the potential to undermine the privilege assertions of in-house counsel. Finally, some best practices are discussed which, if followed, can help prevent further erosions to such claims.

I. Introduction

[1] Technology has certainly been a game-changer for the attorney-client relationship.[2] In particular, digital age innovations have facilitated communication between organizations and their lawyers.[3] While messaging was previously limited to traditional options such as telephone calls, paper letters, and facsimiles,[4] lawyers and clients now enjoy an abundance of media through which they can instantaneously exchange information.[5] Besides e-mail,[6] companies and counsel now trade messages through short message service,[7] instant messages, social networking sites,[8] and voice over Internet protocol (VoIP).[9] The methods for doing so have also expanded, with small form factor (SFF) devices such as smartphones and tablet computers replacing desktop computers and other antiquated tools.[10] And with the proliferation of cloud computing, both client and counsel essentially have an unlimited virtual warehouse in which to store their digital discussions.[11]

[2] Yet these same technological innovations also present a myriad of complications for the lawyer-client relationship.[12] For example, such technologies and others have opened the proverbial floodgates of electronically stored information (“ESI”). This deluge of ESI has inundated the electronic information systems of enterprises and law firms, creating complexity for both client and counsel in establishing effective information retention and discovery response strategies.[13]

[3] Another such challenge arises from the ability that third parties now have to mine metadata from various software applications.[14] Metadata—the embedded text that provides key details about the nature of ESI—is a powerful tool for understanding the who, what, when, and where of a particular document. However, unless appropriate precautions are taken, metadata also poses a technological trap as confidential client information could be exposed to the other side.[15]

[4] Despite the significance of these and other issues, they are secondary to the impact that technology has unintentionally had on the attorney-client privilege (“privilege”).[16] As both a procedural rule and an evidentiary hurdle that excludes relevant information from legal proceedings, strong policy reasons have traditionally mandated that the privilege be narrowly construed.[17] That limited scope of protection continues to shrink as technologies provide unexpected transparency into the zone of confidential exchanges between clients and lawyers.[18]

[5] The phenomenon of increased transparency has had a far greater impact on the privilege claims of in-house counsel than on outside counsel.[19] This is because courts already scrutinize in-house privilege claims to a greater degree than those of their outside counterparts.[20] Given the dual roles that internal counsel typically have as both legal and business advisors for their client organizations, courts now apply heightened scrutiny to their privilege assertions to ensure that only legal advice is shielded from disclosure.[21] Courts have justified such disparate treatment as necessary to more readily detect whether companies are trying to inoculate ordinary business records from discovery by funneling them through their in-house lawyers. Indeed, judicial concern over such a “zone of silence” in discovery is one of the principal reasons why the privilege assertions of in-house lawyers are handled so differently.[22] That scrutiny, however, has become further magnified as new and disruptive technologies[23] have removed the veneer of confidentiality from messages that, rightly or wrongly, would have been immune from discovery in the halcyon days of analog communications.[24] E-mail is perhaps the most glaring example of this development.

[6] E-mail is a helpful yet particularly troublesome innovation because it provides a written record of internal corporate discussions involving counsel that, until recently, did not exist.[25] Those messages—which reflect legal counsel, business advice,[26] or both—are often in play during litigation due to the inclusion of counsel on non-privileged e-mails,[27] tactically sanitized privilege logs,[28] and undetected draft e-mails.[29] These features of e-mail all serve to undermine counsel’s privilege assertions.[30]

[7] A quintessential example of the havoc that e-mail has wrought on such assertions is found in the recent Oracle America, Inc. v. Google, Inc. litigation. In that case, Google withheld a so-called “smoking gun” e-mail as privileged because it was directed to an internal company lawyer.[31] Prior to the digital age, such a straightforward privilege claim may have been left unchallenged given the scant information typically required for a privilege log.[32] Nevertheless, various drafts of that same e-mail, mistakenly produced by Google, indicated that the sender actually sought business advice from a company executive and not legal advice from in-house counsel.[33] As a result, the United States Court of Appeals for the Federal Circuit affirmed a lower court ruling that applied heightened scrutiny[34] and found that the e-mail was not privileged despite the presence of counsel.[35]

[8] The Federal Circuit’s ruling in Oracle represents a troubling body of jurisprudence for organizations that are trying to protect the privilege claims of their corporate counsel in the face of e-mail complications.[36] Worse, however, is that this problem is not limited to e-mail.[37] New technologies and related trends could also prove disruptive to these claims.

[9] By way of example, social networking sites are an increasingly popular communication medium in many industry verticals, including the legal profession. While many lawyers use these sites to market their services, others—including in-house lawyers—are using them to discuss legal matters with clients.[38] While certain communication functionality provided by social networks may look like e-mail,[39] that functionality could lack the necessary confidentiality to shield otherwise privileged discussions from discovery. This includes the ostensibly “private” messaging features available on some sites, which may be accessible to site representatives.[40]

[10] Confidentiality could also become problematic where cloud computing is used to store the communications involving in-house counsel. Despite being the in vogue repository for ESI, cloud service providers are third parties whose access to stored privileged messages could very well vitiate the required element of confidentiality.[41] While this issue is not insurmountable for providers, it is a valid consideration since many offerings provide their employees with unfettered access to customer data.[42] Unless appropriate safeguards are designed to preserve the confidentiality of such communications, in-house privilege claims may be waived.

[11] New workplace practices such as “bring your own device” (“BYOD”) policies, which are designed for employee convenience and employer cost savings, could also present a host of inconvenient and costly problems for in-house privilege claims.[43] This is because BYOD may cause companies to cede a significant aspect of control from employer to employee.[44] Without layering in adequate protections, that lack of control could jeopardize confidentiality if employees use personal cloud storage platforms for the transmission or storage of company data.[45] In addition, confidentiality could be compromised depending on the nature of access that the employee’s family and friends have to the device.[46]

[12] In summary, heightened scrutiny and technological innovations are inviting further judicial probing of internal counsel’s privilege claims. In this Article, I review these phenomena, the challenges they pose for establishing the defensibility of in-house privilege claims, and actionable insights for doing so. In Part II, I provide an overview of the privilege and detail through both jurisprudence and legal scholarship the increased scrutiny that courts apply to such claims. Part III analyzes a series of cases that describe how the proliferation of e-mail has caused a corresponding rise in judicial scrutiny toward in-house privilege assertions. Part IV delves into the common yet respective problems that social networks, cloud computing, and BYOD present for such assertions. In Part V, I offer some actionable suggestions for addressing the foregoing problems.

[13] To grasp how technology is inviting greater scrutiny of the privilege claims of internal counsel, it is important to understand the shift in traditional judicial thinking regarding such claims. The trend of heightened scrutiny toward those assertions is now firmly established in American jurisprudence, though it may come as a surprise that things were not always this way. Indeed, prior to 1984, in-house lawyers’ privilege claims were generally treated with the same level of scrutiny as those of their law firm counterparts, despite their multifaceted roles as legal counselor and business advisor.[47]

[14] That doctrine was memorialized in the seminal 1950 opinion of United States v. United Shoe Machinery Corp.[48] and was consistently followed for most of the next three decades. The sea change on this issue arrived in 1984 with the issuance of In re Sealed Case by the U.S. Court of Appeals for the District of Columbia Circuit.[49] From that time, courts steadily incorporated then-Judge Ruth Bader Ginsburg’s reasoning that a clear showing is required to establish the bona fides of in-house counsel’s privilege claims.[50] In fact, such a standard is now the unqualified majority rule.[51]

[15] In this Part, I analyze the shifting judicial approach to in-house privilege claims, beginning with an overview of the privilege, its purposes, and the scope of this exclusionary rule. Included in this discussion is an analysis of the disparate treatment currently applied to such in-house claims as opposed to those of firm lawyers. I next describe the historical evolution of the “clear showing” rule. Starting with United Shoe, I follow the progression of the rule through Sealed Case and then detail how the clear showing standard has permeated contemporary jurisprudence. I conclude this Part by briefly introducing the correlation between technology and the increasing scrutiny that courts apply to internal lawyers’ claims.

A. The Privilege—Purposes, Policy and Scope

[16] The privilege certainly has achieved a venerated status in the United States. Hailed as one of the lynchpins of the adversary system, it has been called everything from “sacred”[52] and “sacrosanct”[53] to “essential”[54] and “compellingly important.”[55] The U.S. Supreme Court has repeatedly defended the privilege and its purpose of ensuring “full and frank communication between attorneys and their clients,” declaring it to be critical to the “administration of justice.”[56] Moreover, the concept of privilege has transcended the legal profession and permeated popular culture.[57] Over the decades, movies, television, and literature have touched on the scope, impact, and need for the privilege.[58]

[17] To be sure, not all commentary about the privilege has been positive or laudatory.[59] The privilege has been criticized for its obvious exclusionary results,[60] for where the privilege applies, relevant evidence is excluded from proceedings.[61] Given these zero-sum consequences, some have even argued that the scope of the privilege should be severely curtailed or even eliminated to better ensure the just, speedy, and inexpensive determination of legal proceedings.[62]

[18] To balance these valid yet countervailing considerations, courts have been directed to carefully examine all of the circumstances surrounding a privilege claim.[63] To enable this result and to eliminate the possibility that courts could get locked into rigid procedural requirements, Federal Rule of Evidence 501 directs courts to evaluate privilege assertions based on existing common law principles.[64] Indeed, nearly four decades ago, Congress declined to codify the privilege, ostensibly so that courts would have the necessary flexibility to adjudicate matters of privilege.[65] The rationale supporting the congressional rejection of a codified privilege rule has been ratified time and again by the Supreme Court, which has likewise urged trial courts to assess privilege claims on a case-by-case basis and not through fixed presuppositions.[66]

B. The Disparate Treatment of In-house Counsel’s Privilege Claims

[19] Despite such direction from Congress and the Court, lower courts have nonetheless developed a framework to help evaluate whether a particular claim meets the requirements of the privilege.[67] Under that common law rubric, the elements of the privilege—a confidential communication between the client and the lawyer made for the purpose of obtaining a legal opinion or advice—are generally applied unequally to in-house lawyers as opposed to outside counsel.[68] While retained lawyers are accorded a basic presumption of privilege for their communications,[69] in-house attorneys enjoy no such presumption.[70] On the contrary, their claims are heavily scrutinized to ensure that an organizational client is not hiding business advice or other non-legal considerations under the cloak of privilege.[71] The Diversified Industries v. Meredith[72] and United States v. Chevron Corp.[73] cases are particularly instructive and representative on the current levels of scrutiny applied to the privilege claims of firm lawyers as opposed to corporate counsel.

[20] In Diversified Industries, the Eighth Circuit held en banc that communications between a manufacturing company’s employees and the company’s retained law firm were protected by the privilege.[74] At issue was whether those discussions were privileged since a three-judge panel previously determined that the law firm was not retained “to provide legal services or advice.”[75] The en banc panel rejected that decision, finding instead that the manufacturer engaged the law firm to provide legal advice relating to its investigation of alleged internal corruption.[76] Central to the court’s holding was its reasoning that the firm was a “professional legal adviser.”[77] Given the firm’s status as outside counsel, the court articulated a presumption that such communications were generally privileged: “Here, the matter was committed to Wilmer, Cutler & Pickering, a professional legal adviser. Thus, it was prima facie committed for the sake of legal advice and was, therefore, within the privilege absent a clear showing to the contrary.”[78] This presumption was essential to the en banc panel’s opposite conclusion regarding the manufacturer’s claim of privilege.[79]

[21] In contrast to the favorable finding for outside counsel in Diversified, the holding from United States v. Chevron Corp. came down squarely against such a presumption for internal lawyers.[80] In Chevron, the district court vacated a magistrate judge’s findings that protected scores of communications involving the defendant petroleum company’s in-house counsel as privileged.[81] The court was particularly troubled that the magistrate “presumed” that messages involving corporate counsel were privileged.[82] Relying on Diversified, the court reasoned that such a presumption was appropriate for outside counsel.[83] Nevertheless, the court did not extend the benefit of the doubt to in-house counsel, noting counsel’s inextricable involvement in corporate business matters.[84] To ensure that only legal and not business advice was protected from discovery, the company needed to “make a clear showing that in-house counsel’s advice was given in a professional legal capacity.”[85]

[22] The Diversified and Chevron Corp. cases exemplify how differently the judiciary views counsel’s respective privilege claims. For outside counsel, the privilege applies “absent a clear showing to the contrary.”[86] But for in-house lawyers, the privilege does not attach unless a clear showing is made to justify the claim. This stark divergence in treatment has been criticized as an inappropriate deviation from the congressional mandate regarding privilege assertions.[87] It is also somewhat surprising given that most courts take pains to clarify that the clear showing standard for in-house attorneys does not dilute their status as professional legal advisors.[88] And yet, such a standard has had precisely the effect of weakening in-house privilege claims since it was first articulated in Sealed Case in 1984.[89]

[23] To understand how courts have justified the application of a more probing legal framework for analyzing such privilege assertions, it is worth examining the historical evolution of the clear showing rule through the lens of jurisprudence. A review of pertinent scholarship is also insightful, particularly since the seeds of heightened scrutiny were sown in a remarkably prescient article published by the Yale Law Journal shortly after the United Shoe case.[90]

C. From Presumptively Privileged to Heightened Scrutiny: How the Judiciary Arrived at the Clear Showing Rule and Its Impact on In-house Counsel

1. The Comparable Treatment of Lawyers’ Privilege Claims Under United Shoe

[24] Once upon a time, the privilege claims of in-house lawyers were treated in the same manner as those of their law firm colleagues. Despite differences in the sources of their compensation, employment status, and the nature of their respective clients, courts considered the respective claims of internal and external lawyers to be equivalent since they were each deemed “professional legal advisors.” No case better encapsulates that former trend than the United Shoe decision.[91] Authored by the venerable jurist Charles Wyzanski, United Shoe was the leading case for decades on the privilege.[92] Particularly noteworthy is Judge Wyzanski’s analysis regarding the comparable treatment for the privilege assertions of outside counsel and internal lawyers.[93]

[25] In United Shoe, the court was asked to determine whether approximately 800 documents belonging to the defendant company were privileged.[94] The documents included communications between company employees and the company’s retained outside counsel, along with internal discussions involving the company’s in-house legal advisors.[95] In ruling that both categories of documents were generally privileged,[96] the court observed that the claims of in-house lawyers were comparable to those of their law firm counterparts since each was a professional legal advisor:

[T]he apparent factual differences between these house counsel and outside counsel are . . . not sufficient differences to distinguish the two types of counsel for purposes of the attorney-client privilege . . . . The type of service performed by house counsel is substantially like that performed by many members of the large urban law firms. The distinction is chiefly that the house counsel gives advice to one regular client, the outside counsel to several regular clients.

[97] Thus, the court did not make the distinction between outside and in-house counsel that has now become the norm in a post-Sealed Case world.

[26] However, in the most critical aspect of its opinion, the court also reasoned that a privilege claim should not be vitiated by the presence of related business advice in a communication containing legal counsel.[98] Observing that the “modern lawyer” was often forced to deal with non-legal considerations, the court opined that “the privilege of nondisclosure is not lost merely because relevant nonlegal considerations are expressly stated in a communication which also includes legal advice.”[99] The lone note the court offered in this regard was that a lawyer’s communication involving just business advice would not be privileged.[100]

[27] The rule from United Shoe that the privilege claims of in-house counsel were on par with those of outside lawyers instantly became an accepted principle. It would endure for the next thirty-plus years as courts and scholarship generally acknowledged the comparative status of lawyers’ privilege claims, irrespective of their employer.[101] Nevertheless, the more important notion from United Shoe was Judge Wyzanski’s dicta regarding the privileged status of communications that included non-legal advice.[102] While initially accepted as a prevailing rule, such mixed purpose messages would come under scrutiny in the 1970s and ultimately prove the undoing of the equal status of in-house counsel’s privilege claims.[103]

2. The United Shoe Rule Versus Corporate Zones of Silence

[28] A few years after the United Shoe opinion was decided, the Yale Law Journal published an insightful article analyzing the impact of United Shoe on the privilege claims of corporations.[104] Recognizing that this aspect of privilege law was still in its nascent stage, author David Simon examined various scenarios relating to the scope and application of the privilege to organizations. Among the issues considered in the article was whether the privilege claims of internal counsel should be accorded equal status with those of external lawyers.[105]

[29] Simon agreed with the United Shoe principle that corporate lawyers’ claims should receive similar privilege protection as those of firm lawyers.[106] Nevertheless, he also observed that the privilege might have to yield in certain instances, particularly “in a case where too much valuable evidence would be insulated by the privilege being accorded to house counsel . . . .”[107] Simon theorized that the “physical proximity of house counsel” to corporate employees could make it relatively easy to convert counsel from a legal advisor into a “privileged sanctuary for corporate records.”[108] Simon noted that in such a circumstance, courts would most likely force in-house counsel to acquiesce the protections of the privilege to prevent a “zone of silence” from insulating ordinary corporate business activities from discovery.[109]

[30] Simon’s views regarding the privilege claims of in-house attorneys have proven visionary. In post-Sealed Case jurisprudence, courts applying the clear showing rule have repeatedly recognized that companies frequently yield to the temptation to use their internal lawyers as a privilege “sanctuary” given their proximity to corporate records.[110] Many of these cases have involved e-mail and have spotlighted how the virtual proximity of counsel through a “cc,” “forward,” or “reply” has resulted in organizations withholding from discovery communications that otherwise lack any indicia of privilege.[111]

3. The United Shoe Rule Followed for the Next Three Decades

[31] Despite Simon’s prescient predictions, the holding from United Shoe would remain the majority rule on the treatment of in-house counsel’s privilege assertions for the next three decades. During the 1950s and 1960s, there was little disagreement as courts and scholarship faithfully adhered to the United Shoe rule.[112] It was not until the 1970s that the winds of change would begin to blow through the judiciary on this issue. During those years, courts and commentators expanded on the reasoning from United Shoe and began marking differences between outside counsel and in-house lawyers.[113] These opinions would eventually culminate in the issuance of the clear showing rule by the 1984 Sealed Case decision.[114]

a. The 1950s and 1960s: The United Shoe Rule at Its Zenith

[32] The United Shoe rule was certainly at its zenith during the 1950s and the 1960s.[115] In the spirit of United Shoe, the cases that examined the viability of corporate privilege claims typically gave great deference to in-house counsel. Indeed, while acknowledging that communications that just involved “business advice” would not be privileged,[116] the judiciary invariably sided with companies that invoked the privilege on behalf of their in-house lawyers.[117]

[33] For example, in Georgia-Pacific Plywood Co. v. United States Plywood Corp., the court explained that counsel’s status as an in-house lawyer was the professional equivalent of the status held by outside lawyers.[118] As a result, and despite acknowledging that much of counsel’s work was “undoubtedly non-legal,” counsel’s discussions were nonetheless deemed to be privileged.[119] In so doing, the court essentially ratified Judge Wyzanski’s dicta that mixed purpose communications should ultimately retain their privileged character.[120]

[34] A similar result occurred in Paper Converting Machine Co. v. FMC Corp., which held that several internal company discussions involving the defendant’s “corporation patent counsel” were privileged.[121] While certain of those communications appeared to include non-legal considerations, the apparent predominance of legal advice tipped the scales in favor of the defendant’s privilege claims.[122]

[35] Likewise in Natta v. Hogan, the Tenth Circuit reversed a production order that would have divulged a privileged message involving one of the defendant’s corporate lawyers.[123] Relying on United Shoe, the Natta court reasoned that the defendant was equally entitled to assert the privilege to prevent the discovery of communications involving its house lawyers as it would to protect those of its outside counsel.[124]

[36] The embrace of the United Shoe rule during the 1950s and 1960s is perhaps best captured by a 1962 comment from the Yale Law Journal.[125] In that comment, the author cited to United Shoe for the proposition that the privilege claims of in-house lawyers should not be defeated due to the inclusion of business advice in a particular communication.[126] Parroting Judge Wyzanski’s reasoning from United Shoe,[127] the author noted that the privilege applied so long as the communication was arguably focused on legal issues.[128] To do otherwise might jeopardize the privilege: “If the attorney-client privilege is to retain vitality, it must not be withdrawn from the attorney who acts in the joint capacity of lawyer and business adviser.”[129]

b. The 1970s: Transitioning from United Shoe to Sealed Case

[37] The majority rule status of the United Shoe doctrine began to waver somewhat during the 1970s. While many judges still followed the rule, some commentators and courts began to challenge Judge Wyzanski’s dicta regarding mixed purpose communications. The result of these contrary views was a weakening of the protections afforded to corporate privilege claims. During this time of transition, scholarship and court decisions implicitly channeled the privilege “sanctuary” and “zone of silence” warnings to more carefully scrutinize such claims.

[38] This shifting trend is captured by a 1970 comment in the Harvard Law Review.[130] In that comment, the author argued that various factors justified the application of greater scrutiny to the privilege claims of corporate counsel.[131] Invoking the privilege “sanctuary” and “zone of silence” themes, the author warned that companies could be directing a significant amount of non-privileged information through their internal lawyers to immunize it from discovery.[132] Because much of that information focused on “general business purposes” where legal advice was not a predominant subject, the author cautioned courts against sustaining such privilege assertions.[133]

[39] The Harvard Law Review comment is significant because it points to a shift in attitude regarding the nebulous area where legal and business advice are intertwined in the same discussion. For twenty years, United Shoe and its progeny[134] had typically found those messages to be privileged so long it was possible find an arguably predominant legal purpose in the communication.[135] In contrast, the Harvard comment urged courts to more carefully scrutinize those communications to ensure that legal advice was the primary reason underlying the discussion.[136] This was precisely the premise that courts used during the 1970s to set the groundwork for the clear showing rule.

[40] For example, in United States v. IBM, the court ordered the defendant electronics manufacturer to produce various categories of communications involving in-house counsel.[137] In its effort to stave off the production of these records, the manufacturer argued that the privilege applied to “all” communications involving its counsel.[138] In rejecting that sweeping position, the court both clarified and limited the United Shoe reasoning that related “non-legal considerations” would not affect counsel’s claim of privilege.[139] To be privileged, the communication could not merely include “incidental legal advice” from house counsel that could possibly be called privileged in a subsequent legal proceeding.[140] Instead, the purpose of the communication from the beginning had to be primarily focused on legal advice.[141] The court opined that a lesser standard would encourage overreaching and allow for blanket claims over non-privileged content.[142]

[41] The IBM case is significant since it narrows the United Shoe dicta regarding mixed purpose communications. Just as important, it invited courts to undertake a more searching inquiry into the privilege claims of in-house counsel.

[42] That invitation was accepted by the court in SCM Corp. v. Xerox Corp., which overruled the defendant’s privilege objections to certain deposition questions regarding a particular licensing strategy.[143] The defendant’s president had declined to answer the questions since they might reveal legal advice that was “interwoven” with related business decisions.[144] Though legal and non-legal considerations might seem inseparable, the court nonetheless ordered the disclosure of the business advice.[145] This was because the privilege could not be permitted to shield business matters from discovery.[146] Specifically relying on David Simon’s article, the court declared that the privilege was not intended to preclude the discovery of relevant, non-legal considerations.[147]

[43] The IBM and SCM decisions, together with the Harvard comment, underscore the greater level of scrutiny that courts were beginning to apply to house privilege claims. Some courts were simply unwilling to follow the United Shoe reasoning and blindly accept a privilege assertion without further inquiry. That increasing scrutiny would disproportionately impact corporate counsel in the next decade and beyond with the issuance of Sealed Case and its clear showing rule.

4. Sealed Case and the Clear Showing Rule

[44] The journey from presumptively privileged under United Shoe to today’s trend of heightened scrutiny reached a turning point in 1984 with the issuance of Sealed Case.[148] In that decision, then-Judge Ginsburg established the clear showing rule to ensure that the privilege claims of corporate counsel would be properly scrutinized where counsel “had certain responsibilities outside the lawyer’s sphere.”[149]

[45] The rule arose from within the context of a grand jury proceeding in which a company’s former “vice president-general counsel” was asked certain questions regarding allegations that the company had engaged in bid rigging.[150] Counsel had declined to answer several questions on the ground that they called for the disclosure of privileged discussions.[151] The district court overruled most of the privilege assertions and ordered counsel to respond accordingly.[152]

[46] On appeal before the D.C. Circuit, the court affirmed some of the district court’s rulings.[153] In so doing, the court essentially reiterated that in-house counsel’s claims were on equal footing as those of retained counsel.[154] Nevertheless, the court added a critical caveat: “The lawyer whose testimony the government seeks in this case served as in-house attorney.”[155] Since counsel also had non-legal duties as a company vice-president, the court required the company to make a clear showing that counsel had offered legal advice: “The Company can shelter [counsel’s] advice only upon a clear showing that [counsel] gave it in a professional legal capacity.”[156]

[47] With the clear showing rule now articulated, the court proceeded to make several rulings on the questions at issue.[157] In one particular instance, the district court held that the privilege claim did not yield as counsel was supposedly “acting as a corporate executive, not as a lawyer.”[158] The D.C. Circuit rejected that argument, finding instead that counsel had advised the company president on the enterprise’s legal matters.[159]

[48] Though the disputed claims of privilege in Sealed Case were not exactly monumental, they did provide a vehicle for introducing the clear showing rule. Simply put, the rule requires an organization to establish with greater certainty that the advice from its corporate lawyer was made in its capacity as a legal counselor, and not as a business advisor. Such a straightforward explanation would not seem to be such a significant deviation from the standard established by United Shoe. However, in the jurisprudence that has followed and invoked the Sealed Case decision, it has become apparent that courts are using the clear showing rule to conduct a more extensive inquiry of in-house counsel’s privilege claims.

D. The Proliferation of the Clear Showing Rule and the Corresponding Increase in Judicial Scrutiny

[49] In the nearly thirty years since Sealed Case, the clear showing rule has permeated the concept of privilege. This phenomenon—which has raised the level of scrutiny on house privilege claims—is evident in both commentary and case law from the succeeding decades. In this Section, I will discuss some of that commentary. I will also cite a representative sampling of court decisions, which demonstrate the extent to which the clear showing rule and its increased level of scrutiny have proliferated throughout United States privilege jurisprudence.

1. Commentary on the Clear Showing Rule

[50] The commentary and scholarship on the clear showing rule evince the range and acceptance of this concept as the majority rule regarding in-house privilege claims. To be sure, there has been criticism of the rule and its resulting impact on corporate counsel.[160] For example, in her 1998 article published by the Georgetown Journal of Legal Ethics, Amy Weiss criticized the trend of heightened scrutiny caused by the clear showing rule.[161] In particular, Weiss cited a resolution from the American Bar Association (ABA) House of Delegates condemning the trend.[162] According to the ABA, such a trend threatened to relegate in-house counsel to “some form of second-tier status” among American lawyers.[163]

[51] Despite such disapproval, commentators and organizations generally agree that the clear showing rule is here to stay. The late Paul Rice, who was a leading commentator on the privilege,[164] succinctly captured what is now the prevailing view in his authoritative treatise:

Many courts fear that businesses will immunize internal communications from discovery by placing legal counsel in strategic corporate positions and funneling documents through counsel . . . . As a result, the courts apply the privilege cautiously, and require a clear showing that the attorney was acting in his professional legal capacity before cloaking documents in the privilege’s protection.[165]

[52] What is perhaps most instructive from Rice’s discussion on the rule is the supporting rationale from the judiciary. The judicial concerns that Rice raised regarding companies using the privilege claims of their internal counsel to “immunize” materials from discovery are directly in line with the warnings raised in the Yale Law Journal nearly sixty years earlier.[166]

[53] Such views are also squarely in line with those of David Greenwald, another privilege commentator.[167] Alluding to Simon’s warnings, Greenwald acknowledged in his treatise that courts now apply heightened scrutiny to house privilege claims to ensure that organizations do not “hide mountains of otherwise discoverable information behind a veil of secrecy.”[168]

[54] As those commentators confirm, courts are increasingly vigilant in their efforts to penetrate corporate zones of silence and to prevent the use of internal counsel as a privilege “sanctuary.” This development is evident in the cases cited in the following Subsection.

2. Judicial Treatment of the Clear Showing Rule

[55] Courts have generally used the clear showing rule since the issuance of Sealed Case to more carefully evaluate the privilege assertions of house counsel. Perhaps best exemplified in the United States v. ChevronTexaco Corp. decision,[169] many other cases have likewise demonstrated the continued efficacy of this doctrine.

[56] For instance, in Craig v. Rite Aid Corp., the court followed Sealed Case and held that various communications involving the defendants’ in-house counsel were not privileged.[170] The defendants had argued that the discussions at issue were privileged since they touched on various legal aspects associated with a corporate restructuring effort.[171] Analyzing the defendants’ claims through the lens of the clear showing rule, the court rejected that assertion.[172] The court felt constrained to apply greater scrutiny given the multiple roles of in-house counsel and the concern that the defendants could “conduct their business affairs in private simply by staffing a transaction with attorneys.”[173] Indeed, it turned out that many of the communications focused on the business considerations associated with the restructuring effort.[174] As a result, the court held that scores of those messages were not privileged, despite the inclusion of internal counsel.[175]

[57] Similarly, the court in United States v. ChevronTexaco Corp. applied the clear showing rule to certain discussions involving the defendant’s in-house counsel.[176] Just as in Craig, the ChevronTexaco court reasoned that the involvement of house counsel required a more probing inquiry into the company’s privilege assertions.[177] This inquiry culminated in the production of a few messages that were previously withheld as privileged.[178]

[58] Likewise in Argenyi v. Creighton University, the court used the clear showing rule to order an in camera inspection of thirty-three documents involving the defendant university’s in-house counsel.[179] The documents had been withheld on privilege grounds and a privilege log had been produced to substantiate the university’s objections.[180] However, in light of counsel’s business responsibilities as a company vice president, the court gave little credence to the log.[181] Applying heightened scrutiny, the court found that some of the discussions at issue were non-privileged and ordered their production.[182]

[59] The Craig, ChevronTexaco, and Argenyi cases all relied on the specific clear showing language from Sealed Case as the rationale for applying greater scrutiny. These decisions and several others highlight the rule’s ubiquitous application in contemporary jurisprudence.[183] Indeed, the clear showing requirement is often used without being explicitly mentioned.[184]

[60] These cases also emphasize the disparate level of scrutiny that now applies to house privilege claims as opposed to those of outside counsel.[185] The rule from United Shoe regarding the equal status of lawyers’ privilege claims is now rarely cited. Instead, courts take great pains to explain why in-house counsel’s claims must be treated differently—and with greater scrutiny.

[61] Perhaps the most significant aspect of the Sealed Case progeny is the implicit concern about corporate zones of silence. In light of judicial understanding that in-house lawyers frequently render business advice to their organizational clients and given the sweeping privilege claims of so many enterprises, courts invariably feel compelled to apply heightened scrutiny to those claims.[186] To do otherwise would be tantamount to abdicating the judiciary’s obligation to ensure that privilege assertions are both narrowly construed and clearly established by the claimant.

[62] The confluence of issues underlying such concerns has been magnified by the role of technology in business operations and in litigation. E-mail has been particularly troublesome in this regard due to the sheer volume of messages that include in-house lawyers and which fall within the permissible scope of discovery.[187] As discussed in Part III, however, various other aspects of e-mail are combining to invite unwanted transparency and further judicial scrutiny into the privilege assertions of in-house counsel.[188]

III. The Promiscuous Use of E-mail Has Invited Additional Scrutiny Into the Privilege Claims of In-house Counsel

[63] The scrutiny that courts use to evaluate internal counsel’s privilege assertions has become far more acute as digital age technologies have grabbed the discovery spotlight.[189] While the clear showing rule has increased the level of judicial inquiry into in-house privilege claims, that trend has been augmented by widespread e-mail use. Indeed, there is near universal agreement on this issue as both courts and cognoscenti agree that e-mail is inviting further probing into such claims.

[64] In this Part, I explore the correlation between e-mail and the trend of increasing scrutiny. This includes a discussion of the three key aspects of e-mail usage and management that have compelled the courts to more carefully examine internal lawyers’ privilege assertions. These aspects—the ease of involving counsel on non-privileged e-mails, tactically sanitized privilege logs, and overlooked draft e-mails—all serve to undermine such assertions. I will also examine the Oracle trilogy of opinions and how that case illustrates the quintessential problems that e-mail has created for these claims.

A. The Correlation Between E-mail and Heightened Scrutiny

1. The Ease of Including Counsel on Non-privileged E-mails

[65] E-mail has wrought a remarkable change for organizations.[190] It provides a seamless opportunity for companies to draw in-house counsel into various aspects of their operations.[191] To be sure, corporate officers have often consulted with their legal team on issues outside of traditional legal matters. But the rise of e-mail has expanded this phenomenon beyond what was imaginable in previous decades. Indeed, counsel is likely to be included on any conversation that could conceivably have legal or business significance for the corporation.[192]

[66] While this development may be a value-add for many companies, it also presents substantial complications for their in-house privilege claims.[193] The ease of including counsel on any communication through a simple “reply,” “cc,” or “forward,” regardless of its content, has raised the “zone of silence” specter for the judiciary.[194] One commentator framed the issue in this fashion:

While it has always been possible for litigants to assert scurrilous privilege claims as to non-privileged paper documents addressed to counsel, such abusive tactics may have become more pervasive with the emergence of electronic technology. The copying and forwarding functions unique to e-mail communications provide an effortless means of concealing “smoking guns” by veiling them behind a “smoke screen” of privilege.[195]

[67] This is particularly significant given the massive amounts of e-mail now existing in most corporate electronic information systems.[196] Many organizations do not wish to incur the expense associated with conducting a document-by-document privilege review that may span terabytes of e-mails.[197] While Federal Rule of Evidence 502 and so-called “clawback” arrangements may help obviate the costs of additional review personnel or the acquisition of more sophisticated electronic review tools,[198] they do nothing to reverse the increasing scrutiny that courts now use to flesh out meritorious claims from those that are frivolous.

[68] As the virtual proximity of counsel and the sheer volume of ESI have encouraged unsubstantiated privilege assertions, courts seem more inclined than ever to view in-house counsel’s privilege objections with increased skepticism.[199] For example, in United States v. Segal, the court was called on to determine whether the privilege protected ninety-one electronic messages from discovery, many of which involved one of the defendant’s general counsel.[200] Before adjudicating the claims, the court observed that two particular factors had added significant complexity to the privilege analysis.[201] The first was the “expanded role of corporate general counsel” in rendering business advice to the company.[202] The second was the “rise of e-mail as the primary mode of corporate communication . . . .”[203] Given these factors, the court applied heightened scrutiny to evaluate the defendant’s privilege objections.[204] Several of those objections were overruled because the messages included general counsel for business considerations.[205]

[69] Likewise, in In re Vioxx Products Liability Litigation, the defendant pharmaceutical company’s use of e-mail with its internal legal department invited additional court probing regarding its claims of privilege.[206] Observing that e-mail had allowed in-house lawyers to be conveniently included “on every communication that might be seen as having some legal significance at some time,” the court also remarked that e-mail enabled house counsel to become involved at a much earlier stage in business transactions.[207] These factors, along with requests for counsel’s advice on “business, technical, scientific, promotional and public relations” matters, required the court to more carefully scrutinize privilege claims involving the company’s in-house counsel.[208]

[70] Under this framework, many of the company’s privilege objections were overruled.[209] In particular, the court rejected claims over e-mails that were widely distributed to lay employees and that happened to include internal lawyers on the recipient list.[210] By using such a scattershot approach for its distribution strategy, the company essentially conceded that the dominant purpose of the e-mails was not focused on obtaining legal advice.[211] Nor did the content of those messages become privileged once a lawyer replied to a particular e-mail.[212] Unless those materials were produced, the court would provide its imprimatur to the impermissible corporate strategy of using counsel to immunize non-privileged material from discovery.[213]

[71] The Vioxx decision highlights the pervasive problem with corporate privilege claims in the era of e-mail messaging, i.e., the inclusion of in-house counsel on non-privileged communications.[214] Whether inadvertently or intentionally, the over-inclusion of counsel in e-mails through a “cc,” “reply,” or “forward” invites further judicial examination of such privilege claims.

[72] Another instance of this phenomenon is found in In re Gabapentin Patent Litigation,where the District Court for the District of New Jersey ordered the production of several e-mails previously withheld as privileged given the perfunctory inclusion of counsel on “routine business” communications.[215] Taking issue with the plaintiffs’ indiscriminate use of the privilege, the court characterized the following situational e-mails as non-privileged: “Including an attorney on the distribution list of an interoffice memo, Cc’ing numerous people who are ancillary to the discussion, one of whom happens to be an attorney, or forwarding an e-mail several times until it reaches an attorney.”[216]

[73] Similarly, in Fru-Con Construction Corp. v. Sacramento Municipal Utility District, the court condemned the defendant utility district’s efforts to prevent the discovery of non-privileged e-mails involving its in-house counsel.[217] Holding that such communications were subject to discovery, the court criticized the district for asserting that the e-mails were protected even though counsel was copied for ancillary reasons.[218] While such e-mails might be “embarrassing” to the district, that reason could not possibly justify a claim of privilege.[219]

[74] These cases and many others exemplify how e-mail has enabled organizations to turn the virtual proximity of in-house counsel into an impermissible privilege “sanctuary” for non-privileged ESI. Such conduct has given rise to another troubling aspect of e-mail that has invited additional court scrutiny—strategically sanitized privilege logs.[220]

2. Strategically Sanitized Privilege Logs

[75] The bitter fruit of internal counsel’s inclusion on non-privileged e-mails is the heightened judicial inquiry into the adequacy of parties’ privilege logs.[221] Designed to satisfy the procedural requirement that a privilege objection be stated with particularity, privilege logs have in practice been converted into a costly game in which litigants disclose as little as possible about the communications they have withheld as privileged.[222] Such a strategy is understandable given a claimant’s reluctance to reveal privileged content.[223] Nevertheless, this tactic often backfires since courts now frequently review privileged materials to substantiate the claims.[224] Moreover, because organizations tend to make blanket privilege assertions over masses of e-mails involving house counsel, courts generally expect to find non-privileged content.[225] The case of B.F.G. of Illinois, Inc. v. Ameritech Corp. is particularly instructive on this issue.[226]

[76] In Ameritech, the court ordered the defendants to produce hundreds of e-mails previously withheld as privileged, many of which involved in-house counsel.[227] In their privilege log, the defendants buried the non-privileged content from those e-mails behind whitewashed descriptions.[228] Suspicious that in-house counsel was apparently deployed on business and not purely legal matters, the court elected to use heightened scrutiny to ensure that the claims involving counsel were proper.[229] The court’s more probing examination revealed that the defendants used in-house counsel “to give a veneer of privilege to otherwise non-privileged business communications.”[230] This was particularly frustrating to the court, which observed that the privilege log, as drafted, obstructed any effort to verify the claims short of an in camera inspection.[231]

[77] As the Ameritech case teaches, the twin abuses of overreaching privilege claims and deceptive privilege logs can only be detected through heightened scrutiny.[232] Such discovery misconduct has also triggered the onerous requirement that individual e-mails be separately identified in a privilege log.[233] The United States, ex rel. Baklid-Kunz v. Halifax Hospital Medical Center case reflects this troubling trend.[234]

[78] In Baklid-Kunz, the court overruled several privilege objections in connection with e-mails that included the defendants’ internal lawyers.[235] The e-mails in question did not involve legal advice, but instead simply “copied” counsel or kept them “in the loop” on various business issues.[236] To ensure that all such e-mails were properly scrutinized and thereby prevent further “funneling of non-privileged information” through counsel, the court held that the defendants’ privilege log was required to identify each message in an e-mail string.[237] Even though digital age technology had allowed all messages in the string to be grouped together, the court ordered the messages to be individually listed to provide the challenging party with an opportunity to better evaluate the merits of the claim.[238]

[79] In similar fashion, the court in In re Universal Service Fund Telephone Billing Practices Litigation required that individual e-mails be separately identified in a privilege log.[239] The defendant telecommunications provider had argued that it should be permitted to group messages from an e-mail string under a single entry.[240] In rejecting that argument, the court cited concerns over “stealth” privilege assertions that “could never be the subject of a meaningful challenge by opposing counsel or actual scrutiny by a judge.”[241] Despite the additional costs and burdens that such a rule would undoubtedly impose on the defendant, it was deemed necessary to counteract abuses with privilege claims.[242] Applying that rule to the provider’s objections, the court eventually held that numerous e-mails involving house counsel were not privileged.[243]

[80] The Ameritech, Baklid-Kunz, and Universal Service Fund cases and other decisions[244] amply demonstrate how organizations’ privilege log practices with respect to e-mail have increased the scrutiny that courts now apply to in-house privilege claims.[245] Such privilege log tactics and the claims they are designed to protect are also being exposed by undetected draft e-mails.

3. Overlooked Draft E-mails

[81] A third and final complicating factor involving e-mail is the existence of electronically generated drafts.[246] Draft e-mails are a particularly tricky proposition since there is generally no historical analogue for this form of ESI.[247] While paper drafts of contracts or other documents may have been retained in some instances, corporate records management policies generally did not require the retention of paper drafts of internally circulated memoranda.[248] Even in those few instances where a paper draft may have been kept, it is doubtful that every draft of the memo was retained by the organization or its internal legal team.[249] As one commentator observed, “it is unlikely that a party would print out and retain every preliminary draft of a document.”[250]

[82] That last point illustrates a striking difference between paper documents and ESI.[251] Unlike paper, many e-mail systems have functionality that provides for the creation and retention of drafts while the e-mail is being prepared.[252] If an organization has designed its electronic information systems to retain those draft e-mails, they may become a particularly important source of information in discovery.[253] Martin Redish, an expert in federal civil procedure, highlighted the significance of draft ESI for discovery purposes in the Duke Law Journal in 2001.[254] As Redish explained, draft ESI can provide clarity on certain issues since it may reveal insights into corporate decision-making before being sanitized “for political correctness and legal considerations.”[255] As the Oracle litigation makes clear, those same observations regarding ESI are equally applicable to e-mail.[256]

[83] Given their potential importance in litigation, e-mail drafts can become a conundrum for companies, particularly with respect to their in-house privilege claims.[257] If a company cannot match up those drafts with the “sent” version involving house counsel that it has claimed as privileged, the drafts may be produced in discovery.[258] This could expose the withheld e-mail to additional scrutiny, particularly if the drafts impugn the credibility of the privilege claim.[259] Such a scenario is beyond a hypothetical, as demonstrated in the Oracle privilege dispute.

[84] While the above referenced cases illustrate how e-mail has introduced additional, unwanted transparency into the privilege claims of corporate counsel, none of these decisions captures the issues quite like the Oracle litigation. The Oracle case spotlights how the three troubling aspects of e-mail analyzed in this Part all served to invite heightened scrutiny into Google’s claim of privilege over a critical e-mail sent to one of its internal lawyers.

1. The Lawsuit

[85] The litigation involving technology titans Oracle America (“Oracle”)[260] and Google involved claims of copyright and patent infringement with respect to features of Java and Android.[261] In particular, Oracle alleged that Google had misappropriated its Java technology to bolster its widely popular Android operating system.[262] As part of the effort to establish its claims, Oracle presented in court a draft that Google produced in discovery of the privileged e-mail.[263] Shortly thereafter, Google notified Oracle that the draft was also privileged and demanded its return, along with all of the other drafts of the e-mail that were mistakenly produced.[264] Oracle disputed the privilege claim, arguing instead that the e-mail was not privileged and went to the heart of its infringement allegations.[265]

2. The Disputed E-mail

[86] The e-mail at issue originated from Tim Lindholm, a Google software engineer.[266] It was prepared shortly before Oracle filed its infringement lawsuit and while the parties were engaging in negotiations to stave off litigation.[267] Lindholm sent the message to a Andy Rubin, a Google Vice President in charge of Android, as well as Ben Lee, a Google Senior Counsel, and included another Google engineer, Dan Grove, in the “cc” field.[268] In the message’s salutation, Lindholm specifically directed the e-mail only to Rubin.[269]Lindholm explained that he and Grove had been asked by Google founders Larry Page and Sergei Brin to “investigate what technical alternatives exist to Java for Android and Chrome.”[270] The investigation had proven unsuccessful, with Lindholm ultimately concluding that the alternatives to Java “all suck.”[271] Lindholm suggested that Google should “negotiate a license for Java under the terms we need.”[272]

[87]Before the e-mail was sent to its recipients, Google’s internal e-mail system saved nine drafts of the message.[273] Those drafts were sequentially created, showing the gradual development of the message.[274] It was not until the final draft that Lindholm included the headings “Attorney Work Product” and “Google Confidential.”[275] Moreover, the names of the e-mail recipients were not found in any of the saved drafts.[276]

[88] In discovery, Google withheld the disputed e-mail, along with the ninth and final draft, on privilege grounds.[277] Google represented in its privilege log that the e-mail and corresponding draft reflected a privileged communication with its in-house counsel, Lee.[278] Google nonetheless produced the other eight drafts of the e-mail since its “electronic scanning mechanisms” did not flag the drafts before they were disclosed.[279] This apparently happened because the draft messages “did not contain . . . confidentiality or privilege headings . . . [or] any addressees.”[280]

3. The Magistrate’s Production Order

[89] Motion practice surrounding the disputed e-mail took place first before U.S. Magistrate Judge, Donna Ryu.[281] In contesting Oracle’s production request, Google argued that Lindholm was conducting the research referenced in the disputed e-mail at the direction of Google’s general counsel as well as Lee.[282] According to Google, since the research was designed to help Google’s counsel render legal advice on the pending lawsuit, the e-mail was privileged.[283] That position, argued Google, was further confirmed by Lindholm’s insertion of the “Attorney Work Product” and “Google Confidential” designations.[284]

[90] Judge Ryu rejected these assertions, ruling instead that Google had failed to meet the test of heightened scrutiny.[285] Judge Ryu explained that Google had to make a clear showing that the presence of Lee on the e-mail was for the purpose of providing legal advice to the company.[286] The judge reasoned that such a showing was critical since “[i]n-house counsel may act as integral players in a company’s business decisions or activities . . . .”[287]

[91] Using the clear showing rule as a touchstone, Judge Ryu reasoned that the plain language of the e-mail contradicted Google’s after-the-fact explanations.[288] While Lee was included in the “To” portion of the e-mail, the salutation was directed to Rubin, a lay company executive.[289] The e-mail also conflicted with Google’s assertion that Lindholm had performed the referenced research at the direction of legal counsel.[290] Instead, Lindholm unequivocally explained in the message that his research was performed at the direction of Google’s lay founders, Brin and Page.[291] Moreover, Lindholm’s reference that his research was related to Chrome—a Google product not implicated by Oracle’s lawsuit—belied Google’s representation that the research was focused on the pending litigation.[292] Finally, merely labeling a document as “Work Product” could not satisfy the standard of heightened scrutiny required for such a communication.[293] Since Google had failed to meet the clear showing requirement, the court stripped the disputed e-mail of its privilege designation and ordered its immediate production to Oracle.[294]

4. The District Court’s Order Denying Google’s Objections to the Magistrate’s Order

[92] Dissatisfied with Judge Ryu’s ruling, Google filed various objections to the production order and brought the matter before U.S. District Judge William Alsup. At the heart of Google’s objections was its contention that the magistrate had used the wrong legal standard by applying Sealed Case’s heightened scrutiny test to the disputed e-mail.[295] Judge Alsup declined to adopt that position, observing that such scrutiny was necessary to counteract the common corporate practice of including in-house counsel on “business communications as an attempt to cloak a business message in privilege.”[296] Finding that the magistrate’s use of heightened scrutiny was proper, the court overruled Google’s other related objections to the magistrate’s order.[297]

5. The Federal Circuit’s Denial of Google’s Mandamus Petition

[93] Google’s final effort to prevent disclosure of the disputed e-mail came before the Federal Circuit. In its mandamus petition, Google again challenged the application of the clear showing rule, but this time with a twist on its prior argument. Unlike the objection it filed with the district court, Google conceded the propriety of the rule.[298] Nevertheless, Google argued that the rule was limited to those instances where internal counsel was also tasked with business responsibilities.[299] Since there was no evidence that Lee had any duties outside of his legal work, Google argued that there was no basis for using the rule.[300] Indeed, Google characterized the magistrate’s holding as a “radically broadened version” of the clear showing doctrine.[301]

[94] The Federal Circuit found this position to lack merit. Sidestepping the distinction Google raised regarding house counsel’s duties, the court opined that Google was still required to show that the e-mail’s primary purpose was to obtain legal advice.[302] Irrespective of Lee’s duties as counsel, communications such as the Lindholm e-mail that were focused on business strategy and not legal advice could not be protected as privileged.[303] The court accordingly denied Google’s mandamus petition.

6. The Legacy of Oracle on E-mail Privilege Claims Involving House Counsel

[95] The Oracle case amply demonstrates the troubles that e-mail has caused for the privilege assertions of in-house lawyers. Indeed, the three aspects of e-mail that are inviting further court scrutiny into such claims were central issues in that case. With the virtual proximity that e-mail has introduced into internal corporate communications, it was easy for Lee to be included on a business related e-mail. Given Lee’s inclusion on the e-mail and the sensitive tenor of Lindholm’s conclusions, it was strategically sensible for Google to withhold the document as privileged. While Google’s privilege log predictably gave no indication that the e-mail was focused on business matters, the drafts it mistakenly produced belied its privilege objection. These factors invited the court to probe more deeply into the content of the communication to ensure that it met the clear showing rule. Were any of these elements lacking from the equation, a different result may very well have occurred.

[96] The legacy of Oracle for in-house privilege claims is indeed problematic. While the Federal Circuit may have circumvented Google’s argument on the clear showing rule, it does not change the fact that Google was correct in noting that the Sealed Case doctrine has been expanded beyond its original intent. While the clear showing rule was originally designed to ensure that claims asserted by counsel with legal and business roles were more carefully reviewed, most courts now assume that corporate lawyers are rendering business advice.[304] Nevertheless, that assumption seems justified given the realities of today’s corporate workplace and the increasing transparency that e-mail provides into counsel’s communications. The confluence of these factors suggests that companies will find it more difficult in the future to make defensible claims of privilege.

[97] The clear lesson from Oracle is that companies must implement better practices with respect to their employees’ promiscuous use of e-mail as well as their privilege reviews in discovery. Until they do, organizations can expect to find more probing by judicial officers who treat their privilege assertions with understandable cynicism. Moreover, such skeptical scrutiny figures to expand beyond the realm of e-mail as in-house lawyers and their corporate colleagues use newer, more promising, and yet more disruptive technologies to conduct internal communications and business strategy.

[98] The concerns surrounding the impact of technology on the privilege claims of in-house lawyers are not limited to just e-mail. As other digital age advances revolutionize the ways in which companies conduct their business operations, they also have the potential to negatively impact these claims. Such advances include social networking sites, cloud computing, and BYOD policies. While these innovations can facilitate effective and efficient commercial enterprise, they could also jeopardize the sacrosanct element of confidentiality required for privileged communications.

[99] In this Part, I discuss how these innovations are providing unwanted transparency into the otherwise privileged communications of in-house lawyers. This includes an analysis of how such advances enable third party access to those communications, which might compromise the perception of confidentiality between counsel and the organizational client. I also address how courts would likely evaluate the merits of such claims given the absence of controlling legal authority on these issues and in light of heightened scrutiny.

A. Communications Made through Social Networking Sites May Not Be Privileged

[100] Social networking sites represent a burgeoning communications frontier.[305] While extremely popular among individual consumers,[306] social media is also widely accepted and increasingly used in most industry verticals.[307] The legal profession is no exception to this growing trend.[308] An increasing number of lawyers are using social networks for various professional reasons.[309] While research and marketing are far and away the most common uses, lawyers are also communicating with clients regarding legal issues.[310] This includes in-house attorneys, who correspond with lay employees over social networks about internal corporate matters.[311]

[101] While social networks may offer in-house lawyers a convenient and comfortable medium to discuss internal company issues, they could present insurmountable challenges for preserving the privileged character of those discussions. This is due in substantial part to the terms of service that govern the use of those sites. In this Subsection, I highlight common terms of service that provide social networks with access to user content. These access rights often include content from so-called private messages sent through a network’s direct messaging functionality. I also examine how courts would interpret user agreements under existing case authority and through the lens of heightened scrutiny to construe corporate lawyers’ privilege assertions.

1. Social Networks’ Messaging Features May Lack the Confidentiality to Remain Privileged

a. Common Site Features

[102] Social networks provide their users with any number of offerings to communicate and share content with others. The two most common features among site offerings are the open forum setting and direct messaging functionality.

[103] The open forum setting typically allows both the user and those within the user’s selected community to exchange messages, pictures, documents, hyperlinks, and other information. Analogous to the traditional cork-and-pin bulletin board concept, an electronic open forum is designed to enable widespread circulation of user content. This is certainly the case with leading social networking sites Twitter,[312] Facebook,[313] MySpace,[314] LinkedIn,[315] and reddit.[316] All of these sites provide users with an open ecosystem that permits broad distribution of user materials.

[104] For example, Twitter allows users to post a pithy message (or tweet) of no more than 140 characters to their respective communities.[317] The tweet may contain text as well as “photos, videos, and links to other websites.”[318] However, as expressly set forth in the “Twitter Privacy Policy,” tweets are generally “public by default” and “may be viewed all around the world instantly.”[319] Similarly, LinkedIn, Facebook, and MySpace users can respectively share “updates,”[320] write on a user’s “wall,”[321] and create a “profile comment,”[322] all of which can then be viewed instantaneously by members of the user’s group.[323] Reddit[324] and other social networking sites[325] have similar functionality.

[105] In contrast, the direct messaging features that some sites furnish to their users are designed for one-on-one interaction. Instead of publicly displaying exchanged content to the entire community, direct messages are received by specified addressees in a virtual inbox. Referred to as “chats” by reddit,[326] “direct messages” by Twitter,[327] “private messages” by MySpace,[328] and “messages” by LinkedIn[329] and Facebook,[330] such discussions may be opened only by the identified recipients. Because other members of the user’s community are not privy to direct messages, those communications have been compared to e-mail[331] and characterized as “inherently private.”[332]

b. Terms of Service Enable Site Employee Access to User Communications

[106] Regardless of their range of distribution, messages exchanged on social networks may be accessed and monitored by site employees under the governing terms of service. While those terms typically provide privacy settings that allow users to limit the extent to which information may be disseminated, they also notify users about site employee access to their communications. The justification for such access varies from site to site, with the terms of service delineating the lack of confidentiality associated with user communications, including direct messages.

[107] For example, reddit admonishes users that it monitors all forms of user “activity” to ensure compliance with its policies.[333] This includes open forum conduct and supposedly private “chats” between users, as reddit states that “we may monitor activity on the Website, including in the bulletin boards, forums, personal ads, and chats . . . .”[334] Twitter and MySpace are not much different, with each site reserving the right to “access, read, preserve, and disclose any information” that a user discloses on the site.[335] In addition, MySpace expressly advises subscribers that its access rights extend to all communications, including “private Myspace messages.”[336]

[108] Facebook takes a different tact, notifying its members that it collects their data for marketing and operational purposes.[337] That data specifically includes information gleaned from user messages.[338] And if the trend toward site employee access of user communications was not apparent enough, LinkedIn warns its users not to post any “confidential” information to its site: “[I]f you have an idea or information that you would like to keep confidential . . . do not post it to any LinkedIn Group, into your Network Updates, or elsewhere on LinkedIn.”[339]

2. Site Access to In-house Counsel’s Communications May Destroy Confidentiality

[109] Third party access to social media messages may very well doom a privilege claim over internal corporate messages involving in-house counsel. This is because courts have generally taken a strict approach on the level of confidentiality required for a communication to be considered privileged.[340] Anything short of absolute confidentiality between client and counsel—such as a voluntary disclosure to a third party[341]—could either keep the privilege from attaching or cause it to be waived.[342] A lone caveat to this rule is that courts must assess the issue of confidentiality from the standpoint of the client.[343] Such a provision enables the privilege to attach only if the client reasonably understood that her discussion with counsel was to be confidential.[344]

[110] With these standards in mind, it is difficult to conceive how communications between in-house counsel and corporate employees over social networks could be privileged except in the narrowest of circumstances. Messages, posts, or other material communicated through an open forum setting would be voluntarily disclosed to the user communities of both counsel and the employees. Such broad dissemination of user content to any number of third parties would undoubtedly vitiate an assertion of confidentiality regarding the message.

[111] In like manner, site employee access to so-called private messages involving in-house lawyers may also destroy the confidentiality required to keep the communication privileged.[345] Such a result would be consistent with the general legal principles on this issue, including that of the client’s “reasonable understanding.” This is because corporate employees[346] and counsel would likely be deemed to have understood, agreed to, and accepted the site terms of service, including site representative access to their direct messages.[347]

[112] This is nonetheless an open issue as the courts have yet to weigh in on this specific privilege conundrum. Furthermore, case authority on related issues appears to be divided. On the one hand, various federal and state courts have made clear that social networks are not an “online lockbox of secrets.”[348] For example, in McMillen v. Hummingbird Speedway, Inc., a Pennsylvania state court explained that parties could not expect to keep information “confidential” on social networks given the applicable terms of service.[349] Referring to both Facebook and MySpace, the court observed that users of those networks unequivocally agreed to allow site representatives to monitor and disclose their communications.[350] That, the court declared, “is wholly incommensurate with a claim of confidentiality.”[351]

[113] On the other hand, direct messages have been found to be “private” given their similarity to e-mail.[352] In Crispin v. Christian Audigier, a Los Angeles federal court refused to permit disclosure under the Stored Communications Act of certain communications that the plaintiff had sent through the direct messaging features of Facebook and MySpace.[353] The court reasoned that those messages were “inherently private” since, just as with e-mail, they were “not readily accessible to the general public.”[354] Subsequent commentators have likewise joined the Crispin court on this issue, opining that direct messaging features are “sufficiently similar to e-mail communications to apply the same jurisprudence.”[355]

[114] Despite their respective merits, each line of authority is fundamentally limited as neither considers the issue of confidentiality through the lens of privilege law. Nor do they take into account the role of heightened judicial scrutiny or the factual nuances that typically encompass a privilege claim involving in-house counsel. Given these limitations, and in the absence of controlling authority, other case law must be explored for guidance. The jurisprudence that arguably provides the most logical analogue on this issue involves decisions that have addressed the merits of employee workplace privilege claims.

[115] Employee workplace privilege claims generally involve a scenario in which a company is seeking to discover e-mails that a former—and now adverse—employee sent to its counsel while employed with the company. As the former employee’s e-mails have either been sent over the company network and/or with a company-issued device, the employer argues that they are subject to company policies that eliminate any reasonable expectation of privacy in the workplace. Without an expectation of privacy, the employer contends that confidentiality is absent from the worker’s e-mails with counsel. The lack of confidentiality, in turn, destroys an otherwise defensible claim of privilege.

[116] To stave off production, the employee typically maintains that its expectation of confidentiality in the e-mails was reasonable. The worker will often point to a lack of employee knowledge and/or employer enforcement of workplace privacy policies. In essence, the employee asserts that a type of estoppel arises given the lack of or arbitrary adherence to those policies.

[117] In response to such arguments, the judiciary has fashioned a fact intensive analysis to determine whether or not the employee’s expectation of privacy was reasonable under the circumstances. That analysis generally turns on whether the employer could access worker e-mails, whether the employer monitored worker e-mail usage, and whether the employer provided notice of its policy on these issues to its workers. These three factors—access, monitoring, and notice—may be seen as similarly essential for determining whether social media communications involving in-house counsel are sufficiently confidential to be privileged. They are considered in detail in In re Asia Global Crossing, Ltd.,[356] the leading case on employee workplace privilege claims.[357]

[118] In Global Crossing, the court was asked to resolve a privilege dispute similar to the scenario described in this Subsection.[358] To determine whether the employee had an “objectively reasonable” expectation of confidentiality in the e-mails exchanged with his lawyer, the court evaluated the tripartite factors of access, monitoring, and notice.[359] With respect to access, there was no reasonable dispute that the employer could review employee e-mails.[360] Despite such access, the company neither enacted nor enforced a workplace privacy policy.[361] Nor were certain employees specifically notified that their e-mails would be monitored.[362] Taking into account both the lack of enforcement and notice regarding the policy, the court rejected the company’s arguments regarding confidentiality and sustained the employee’s privilege claim.[363]

[119] The Global Crossing factors have been repeatedly applied to resolve comparable employee workplace privilege claims. In several of those decisions, courts have found that the employee maintained a reasonable expectation of confidentiality. For example, in Curto v. Medical World Communications, Inc., the plaintiff’s claims of privilege were upheld since her employer generally neglected to monitor worker e-mail usage consistent with its stated policy of doing so.[364] A similar result was found in Convertino v. United States Department of Justice where the government agency’s privacy policy did not proscribe personal employee e-mail and did not notify the plaintiff that the agency would monitor his e-mail.[365]

[120] Various other decisions following Global Crossing have reached a contrary result on the issue of confidentiality and have rejected employee privilege claims. In In re Royce Homes, LP, employee assertions of confidentiality were dashed by a company’s electronic communications policy.[366] That policy “explicitly banned confidential communications over its computer system, and cautioned employees that the [company] could access, view, read, or retrieve employees’ personal communications at any time.”[367] Similarly, the court in In re Reserve Fund Securities and Derivative Litigation found that the employer’s consistent monitoring of employee e-mail doomed any assertion of confidentiality by the employee.[368] And in Hanson v. First National Bank, the worker’s knowledge of the employer’s e-mail access and monitoring policies defeated his asserted expectation of confidentiality.[369]

[121] The three factors emphasized by Global Crossing and its progeny should be the determinative factors that the court employs to assess the confidentiality of direct messages involving in-house counsel. Just as in Royce Homes, Reserve Fund, and Hanson, a corporate client’s reasonable expectation of confidentiality could be destroyed if a social network notifies internal counsel or other employees of its intention to monitor and access their communications. This is particularly the case if the party opposing the privilege claim establishes that the site regularly enforced that policy. Faithful adherence to the monitoring policy would make the concerns raised in the Global Crossing and Curto decisions inapposite.

[122] Nevertheless, a lack of notice to site users or spotty enforcement of site policies might still allow a claim of privilege to stand. Despite site terms such as those from Reddit and MySpace that expressly provide for monitoring and even interception of direct message content, a site’s failure to abide by those terms could land the privilege question within the scope of the Global Crossing and Curto holdings. Moreover, a site’s failure to articulate an intelligible policy or to properly notify users of that policy could bring the claim in line with Convertino. Under either of these scenarios, counsel’s privilege claim could be sustained.

4. Heightened Scrutiny as the Deciding Factor

[123] While it is difficult to reach a conclusive determination without guidance from decisional authority, heightened judicial scrutiny may very well tip the scales against in-house counsel’s privilege assertions. Given the complications that e-mail has introduced into the privilege analysis and judicial wariness regarding corporate zones of silence, courts are likely to view with skepticism claims involving social media communications.[370] This position is substantiated by the disdain courts have expressed regarding so-called privacy settings that litigants have unsuccessfully relied on to stave off the production of non-privileged data from social networks.[371]

[124] These combined factors suggest that courts could default to a strict approach with respect to confidentiality.[372] Under such an approach, courts would strictly construe the Global Crossing factors to find that sites’ monitoring policies negate any reasonable expectation of confidentiality. And without confidentiality, the claim of privilege would be destroyed. All of which underscores the importance of both in-house counsel and its client taking appropriate precautions to prevent such a development.

[125] Such safeguards, however, should not be limited to social media communications. The same concerns regarding confidentiality likewise permeate the analysis over the use of cloud computing to store internal lawyers’ privileged communications.

B. Communications Stored in the Cloud May Lose Their Privileged Character

[126] Between e-mail and social networks, companies are inundated on a daily basis with terabytes of electronic communications. In many instances, those messages and other ESI have overwhelmed company servers, storage archives, and backup media.[373] To address the logistical challenge of maintaining vast volumes of electronic data, organizations have turned to cloud computing as a storage alternative.[374] With the promise of low information retention costs[375] and quick data retrieval, the cloud computing concept has been widely embraced and is one of the most popular technologies adopted by organizations.[376]

[127] Despite the potential for efficient commercial enterprise, cloud computing offers a troublesome privilege trap for company communications with internal lawyers.[377] Just as social networking site employees are privy to direct messages involving counsel, providers of cloud computing services often have access and monitoring rights to a company’s cloud hosted data. Memorialized in service level agreements (SLA), those rights may very well destroy the confidentiality required to keep in-house counsel’s discussions privileged.[378]

[128] In this Subsection, I review the basic underpinnings of the cloud computing services model and some common SLA terms that enable provider employees to access company data. I also discuss how the judiciary would address the viability of in-house counsel’s privilege claims through the kaleidoscope of the Global Crossing factors and heightened scrutiny.

1. SLA Terms that Enable Provider Access to Cloud Hosted Data

[129] While the name “cloud computing” implies a celestial venue for data storage, the term generally refers to organizations that host company data in a brick and mortar facility.[379] Like the traditional warehouse setting, the typical cloud service provider agrees to host company materials for a fee.[380] To reach the provider’s physical repository, the company transmits the data electronically through cyberspace.[381] Once stored in the provider’s cloud archive, company ESI can be accessed and retrieved on demand by corporate employees.[382]

[130] Nevertheless, company employees may not be the only individuals with access rights to that data.[383] Depending on the nature of the SLA, representatives from the cloud provider may also be able to review, inspect, and even block data transmissions. For example, the popular enterprise cloud provider Dropbox unequivocally informs its customers that certain of its employees will have access to customer data “for the reasons stated in our privacy policy . . . .”[384] While those reasons include common caveats such as compliance with third party legal demands,[385] they also include the broad exception of “protect[ing] Dropbox’s property rights.”[386] Dropbox also grants “third party companies and individuals” access to customer data ostensibly to help improve the level of service that Dropbox provides.[387]

[131] Box, another common corporate provider, has similar access rights to customer data.[388] In addition to reserving its right to access and turn over customer data in response to outside legal requests, Box may also intercept and review data: “We retain the right to block or otherwise prevent delivery of any type of file, e-mail or other communication to or from the Service as part of our efforts to protect the Service, protect our customers, or stop you from breaching these Terms.”[389]

[132] The iCloud service Apple offers to consumers and small businesses is likewise invasive of customer-stored data.[390] Under a section of the iCloud SLA entitled “Access To Your Account and Content,” Apple specifies that it may open and review stored data to ensure the customer’s “compliance with any part of this Agreement.”[391] This includes broadly defined scenarios such as addressing “security, fraud or technical issues,” or protecting “the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law.”[392] Additionally, Apple may seize customer data that it finds to be objectionable “without prior notice and in its sole discretion . . . .”[393]

[133] While Box, DropBox, and iCloud represent just a small sampling of a growing industry, their SLA terms exemplify the type of third party access that could destroy the confidentiality required to keep stored copies of in-house counsel’s internal communications privileged.[394] However, given the absence of governing case authority and the similarity of this issue to that of social networking site access to user messages, courts will likely turn to Global Crossing to determine the issue of confidentiality.[395]

[134] The impact of the Global Crossing factors—access, monitoring, and notice—would undoubtedly turn on the cloud provider’s SLA.[396] If a provider’s SLA has terms similar to those promulgated by Box, DropBox, and iCloud, the issues of access and notice would weigh against confidentiality. Some courts, like in Royce Homes, may quickly conclude that a provider’s notice of unambiguous access to cloud hosted data may vitiate any claim of confidentiality over counsel’s stored communications.[397] For other judges, a determination of the issue might instead come down to the company’s knowledge that its provider could access those privileged communications.[398] Similar to Hanson, such knowledge could potentially defeat the enterprise’s expectation of confidentiality.[399]

[135] The more reasoned analysis, however, would take into account the critical factor of monitoring, i.e., enforcement of the SLA. Parties opposing in-house counsel’s claim of privilege would more likely prevail in motion practice if they could show that providers like iCloud regularly flag and block stored communications or other cloud-hosted data.[400] Like the holding in Reserve Fund, evidence of consistent monitoring by the cloud provider would likely defeat an assertion of confidentiality by the corporate claimant.[401] In contrast, arbitrary monitoring or an overall lack of enforcement would probably leave a privilege claim undisturbed.[402] As the Global Crossing and Curto cases teach, consistent enforcement of the provider’s access rights is the touchstone of the confidentiality analysis. [403]

3. Heightened Scrutiny May Tip the Scales on the Issue of Privilege

[136] How a court ultimately decides this issue of privilege may depend on how the heightened scrutiny test is applied. While e-mail technology has generally increased the judiciary’s cynicism toward in-house privilege claims, that attitude may not necessarily extend to the use of cloud computing. This is because many state bar organizations, as well as the American Bar Association, have approved the use of cloud providers to store client communications and other information.[404] The seal of approval from reputable bar organizations regarding cloud computing could distinguish this innovation from the more notorious reputation of social networking sites.

[137] Nevertheless, the sanction from bar organizations is typically contingent on the due diligence that lawyers exercise to ensure that appropriate safeguards are deployed to preserve confidentiality.[405] Such due diligence may entail the inclusion of specific confidentiality terms in the SLA.[406] It might alternatively require the execution of a separate confidentiality agreement with the cloud provider.[407] While those measures may vary from state to state, and depending on different factual scenarios, bar organizations and commentators generally agree that counsel must take “professionally recognized, reasonably appropriate steps to protect the information stored ‘in the cloud . . . .’”[408] Such advice, which is typically directed toward outside counsel, is equally applicable to in-house attorneys, particularly given their dual role as both counsel and client on behalf of the organization.[409]

[138] Thus, if in-house lawyers and their client organizations take adequate measures to ensure the confidentiality of their cloud hosted messages, courts may very well apply a more deferential level of scrutiny and let their privilege claims stand.[410] Such a development would be welcomed across the spectrum of industry verticals given the ubiquitous adoption of cloud computing. It might also provide some much needed direction regarding the impact of BYOD on the privilege given the interplay between this innovation and cloud computing.

C. BYOD May Jeopardize the Confidentiality of In-house Counsel’s Communications

[139] The hottest technology trend affecting businesses today is undoubtedly BYOD.[411] BYOD is driven by companies that are competing for top industry talent, which often prizes the use of SFF devices in the workplace.[412] Faced with demands for high-end gadgets equipped with the latest and greatest applications, companies must decide whether to spring for such high cost items or lose a potentially brilliant employee to a competitor.[413]

[140] For many organizations, BYOD policies provide an acceptable middle ground to this quandary. With a BYOD policy in place, companies allow their employees to use their own devices for work.[414] While this enables the enterprise to slake its workers’ thirst for cutting edge innovations, it also provides a cost savings opportunity to the employer.[415] With enhanced worker satisfaction and decreased company costs, BYOD seems like a win-win for everyone involved.

[141] Everyone, that is, except for the in-house lawyers whose privilege claims could be compromised. For while BYOD has a tremendous upside for both sides of the employment equation, it presents a difficult challenge for preserving the confidentiality of counsel’s communications. This is due to the lack of corporate control introduced by BYOD over those messages and other ESI. In this Subsection, I examine the two common scenarios in which a lack of control may create issues with confidentiality. I also discuss the effect of heightened scrutiny on BYOD-impacted privilege assertions.

1. BYOD Challenges to Maintaining the Confidentiality of Privileged Messages

[142] The attraction of BYOD is also the inherent cause of its problems. By allowing the employee to conduct work duties on a personal device, the company yields a substantial amount of control over corporate information to the employee.[416] This lack of employer control could compromise the confidentiality of privileged discussions in two different scenarios.

[143] The first involves employee use of personal cloud storage providers in connection with the BYOD dynamic. Employees often turn to such providers to facilitate data transfers to company databases and to act as a storage medium.[417] Nevertheless, such providers, which include Box, DropBox, and iCloud, often grant their employees broad access rights to review, intercept, and block customer data.[418] As detailed in the previous Subsection, such third party access could impugn the confidentiality of in-house lawyers’ privilege assertions.

[144] While the prospect of cloud employee access is troubling enough, a more problematic scenario involves the use of the employee’s computer by her family, friends, or others.[419] The typical company safeguards over a workplace device (login credentials, encryption, etc.) may be nonexistent or lacking in sophistication to prevent use by others.[420] Worse, login credentials might be shared or a device could be left on without security measures. Under these scenarios, it is not difficult to envision how a roommate, teenage child, or even a stranger could take, text, or tweet company information.[421] Setting aside the potential for misappropriation of trade secrets of other proprietary information,[422] such third party access could destroy the confidentiality of any privileged messages found on the device.

2. Judicial Treatment of Privilege Claims Affected by BYOD

[145] The judiciary’s treatment of BYOD-impacted privilege assertions will likely be similar to the analysis used to address claims affected by cloud computing.[423] To the extent such privilege disputes arise from the use of cloud providers, the legal analysis under the Global Crossing factors would be equally applicable. In contrast, the third party device access scenario would probably be evaluated on the given facts surrounding the access that others had to the employee device. However, the deciding factor under either of these situations would likely focus on how closely client and counsel followed best industry practices to maintain the confidentiality of those messages.[424]

[146] Companies that make little to no effort to incorporate safeguards into their BYOD infrastructure can expect more extensive judicial probing into their assertions of confidentiality and privilege.[425] Just as courts have belittled the efficacy of privacy settings in preventing the discovery of social media communications, they may also treat BYOD-related claims with disdain if neither client nor counsel takes reasonable steps to prevent unauthorized disclosures of privileged material.[426] The reason for this is grounded in the basic underpinnings of privilege law: “[C]ourts . . . may ‘grant no greater protection to those who assert the privilege than their own precautions warrant.’”[427] Those companies that fail to jealously guard confidentiality with best practices for BYOD will likely lose the privileged status for their internal lawyers’ communications.[428]

[147] On the other hand, where “professionally recognized” and “reasonably appropriate steps” are taken to better secure data transfers as well as employee personal devices, a court would likely be more deferential in scrutinizing a company’s assertions of confidentiality. As discussed in Part V, such steps typically include the development of a cogent and reasonable BYOD policy, appropriate education of company employees, and deployment of effective, enabling technologies. Those same recommendations generally apply to the other problems created for the privilege by e-mail, social networking sites, and cloud computing.

[148] Given the role of heightened judicial scrutiny and the impact of disruptive technologies, companies should adopt practices to ensure that the protections surrounding their in-house counsel’s privilege claims are not eroded any further. In this Part, I propose some practical suggestions for accomplishing this objective.

A. Reduce the Indiscriminate Use of E-mail

[149] The first step that companies can take in reducing the indiscriminate use of e-mail is to develop an actionable e-mail use policy. Such a policy would encourage workers to cut back on the promiscuous use of e-mail with in-house lawyers. For example, lay employees could be trained regarding the proper use of a “cc,” “forward,” and “reply” with respect to counsel. While the nature of that training would vary depending on the needs of a particular organization, it would likely include an overall stop and think mandate before adding counsel to a message. For as the Vioxx, Gabapentin, and Ameritech cases make clear, perfunctorily including counsel on e-mails either for convenience or for tactical reasons invites heightened judicial scrutiny.[429]

[150] A specific suggestion derived from the Vioxx case would be to encourage workers to communicate by separate e-mail with internal lawyers when they must be brought “into the loop” on a specific matter.[430] Such a practice would enhance a privilege claim since the e-mail would be devoid of other lay recipients. It is the inclusion of various lay employees in an e-mail to counsel that often leads to doubts about whether the message was focused on legal advice. As the Vioxx case teaches, stripping out non-essential, lay recipients tends to strengthen a privilege claim.[431] In addition, it clarifies and enhances the objection in the claimant’s privilege log.

B. Limit the Privilege Log Burden

[151] The challenges of preparing an acceptable privilege log—masses of potentially privileged e-mails that must be painstakingly reviewed before each claim is reduced to a concise statement —are well known to clients, counsel, and the courts. Besides reducing the quantity of potentially privileged e-mails, the best way to circumvent this costly and tedious process that draws so much judicial scrutiny is for the litigants to enter into a stipulation that limits the scope of a log. Indeed, Federal Rule of Civil Procedure 26(f) specifically requires the parties to develop a “discovery plan” that addresses “any issues about claims of privilege.”[432] At the Rule 26(f) discovery conference, the parties could explore possible limitations on privilege logs such as: (1) only identifying the last-in-time e-mail in a particular string;[433] (2) preparing a privilege log by category;[434] or (3) eliminating the log altogether.[435]

[152] If the parties are unable to reach an agreement, they should seek judicial involvement to help fashion an acceptable protocol.[436] Regardless of the method, parties that narrow the extent of their privilege log obligations will almost certainly reduce the level of judicial wrangling over their privilege assertions.

C. Use Technology to Identify Draft E-mails

[153] Organizations will likely need to deploy technology to prevent the mistaken production of draft e-mails. This could include tools that help match up draft e-mails with their final, privileged counterparts.[437] Alternatively, there are technologies that can isolate privileged drafts and thereby increase the chance of removing them from a production set.[438] These innovations, however, are not a panacea for addressing the issue. The problematic drafts in Oracle were produced despite the use of “electronic scanning mechanisms.”[439] Instead of placing complete reliance on technology, companies should develop and integrate with that technology a complementary privilege review process. That process would likely incorporate audits and other quality control checks to ensure that drafts do not slip through the proverbial cracks.

D. Provide a Hosted Alternative to Social Networking Sites

[154] Third party access to social media communications involving in-house lawyers may very well drive companies to ban counsel from using social networks for business communications. While such a policy could theoretically address the issue, it would likely be difficult to enforce.[440] In addition, it may prove unpopular given that many employees, including lawyers, prefer communicating over social networks.[441]

[155] To address these issues, a company may consider deploying an on-site social network environment.[442] Conceptually similar to private clouds that house data behind the company firewall, an on-site network could be jointly developed with a third party provider to ensure specific levels of confidentiality. For example, the company could create specific forums or groups with limited membership for addressing legal matters or permit direct messaging with counsel. Under either of these scenarios, employees would have the benefit of using a social network while the company could eliminate site representative access to those communications.

E. Ensure the Cloud Provider Has Confidentiality Safeguards

[156] An enterprise that is considering cloud computing for its ESI storage needs should require that a cloud service provider offers measures to preserve the confidentiality of privileged messages. As the bar organization opinions suggest, that may include specific confidentiality terms or a separate confidentiality agreement.[443] In addition, the provider should have certain encryption functionality to better preserve confidentiality. Such functionality—a secure sockets layer connection, password hashing, encryption key storage—are all designed to prevent unauthorized access by the provider’s employees (or other third parties) to company data that is transmitted to and hosted in the cloud.[444] By taking these measures, counsel and client can better satisfy for themselves that they have taken “professionally recognized” and “reasonably appropriate steps” to ensure the confidentiality of their privileged discussions.[445]

F. Develop and Enforce a Cogent BYOD Policy

[157] To address the nettlesome confidentiality problems associated with BYOD, a company should prepare a cogent policy and deploy technologies that facilitate employee compliance.[446] Such a policy discourages workers from using personal cloud storage providers to facilitate data transfers or ESI storage. It also delineates the parameters of access to employee devices by the employee’s family, friends, or others.[447]

[158] To make such a policy more effective, employers will need to develop a technological architecture that reasonably supports conformity with the policy.[448] This, in turn, will require the company to provide a secure portal to ensure that data transmissions between employee devices and employer databases remain confidential.[449] Whether that gateway is direct or indirect, it should prevent third parties such as cloud provider representatives from eavesdropping on privileged communications. To address the other third party access issue, technologies could be downloaded to an employee’s personal device to segregate and encrypt employer information from personal data. Such a measure would undoubtedly help prevent employee family or friends from accessing privileged content.

[159] By training employees on the BYOD policy and providing tools to enable their compliance, companies can better prevent unauthorized disclosures of counsel’s privileged communications

VI. Conclusion

[160] There can be little doubt that the protections afforded by the privilege have been substantially diluted for in-house counsel. Between the anvil of heightened scrutiny and the hammer of disruptive technologies, the scope of the privilege has been drastically narrowed over the past three decades. Nevertheless, there are ways that organizations can prevent the zone of privilege from shrinking even further. By developing actionable and defensible corporate policies, providing suitable training to employees, and using technologies to facilitate compliance, companies may be able to address some of the corrosive effects of heightened scrutiny and technology. Only by following these suggestions and other best practices can clients reasonably expect to counteract these factors that are narrowing the scope of their internal lawyers’ privilege claims.

* Senior Discovery Counsel, Recommind, Inc; J.D., Santa Clara University School of Law, 1999; B.A., Political Science, Brigham Young University, 1994. The author wishes to recognize Adam Kuhn, J.D./M.B.A., University of San Francisco School of Law, 2013, for his exceptional work in connection with this article.

[4] Ben Delsa, E-mail and the Attorney-Client Privilege: Simple E-mail in Confidence, 59 La. L. Rev. 935, 935-36 (1999) (“Unlike telephone calls, e-mail creates written records of communications, and allows users to send large documents and images by attaching them to the e-mail message . . . [and] avoids ‘telephone tag’ . . . . In contrast to facsimile transmission, e-mail can send information directly from a computer in a form that the recipient can edit and return . . . [and] costs less than a fax, especially when used for interstate or international communication.”).

[5] See id. at 935 (attributing the widespread use of e-mail to “its unique advantages over other forms of communication. E-mail documents cost less to store, can be edited and efficiently searched, and can disseminate information to several destinations at once.”).

[6] See Harry M. Gruber, E-mail: The Attorney-Client Privilege Applied, 66 Geo. Wash. L. Rev. 624, 626-27 (1998) (noting, in 1998, that many lawyers were already relying on e-mail as a form of communication with clients); Gil Keteltas & John Rosenthal, Discovery of Electronic Evidence, in Electronic Evidence Law and Practice 1, 4 (2d ed. 2008) (“E-mails have replaced other forms of communication besides just paper-based communication. Many informal messages that were previously relayed by telephone or at the water cooler are now sent via e-mail.” (quoting Byers v. Ill. State Police, No. 99 C 8105, 2002 U.S. Dist. LEXIS 9861, at *32 (N.D. Ill. June 3, 2002))).

[8] Social media communications are requested for production at least forty-one percent of the time. Press Release, Symantec, Symantec Survey Finds Emails are No Longer the Most Commonly Specified Documents in eDiscovery Requests (Sept. 19, 2011), available at www.symantec.com/about/news/release/article.jsp?prid=20110918_01.

[21] See, e.g., In re Sealed Case, 737 F.2d 94, 99 (D.C. Cir. 1984) (holding that a clear showing was required to establish the privilege since the company general counsel also had “certain responsibilities outside the lawyer’s sphere”).

[22] See David Simon, The Attorney-Client Privilege As Applied to Corporations, 65 Yale L.J. 953, 955 (1956) (warning that overreaching privilege claims could result in a “zone of silence” in which non-privileged documents are improperly withheld from discovery).

[23] See Spahn, supra note 1, at 293 (“The advent of electronic communications has greatly complicated the application of the attorney-client privilege, particularly for in-house counsel”).

[24] See Paul Rice, Electronic Evidence Law and Practice 250-51 (2d ed. 2008) (describing some differences between traditional written communication and e-mail).

[25] See United States v. Segal, No. 02–CR–112, 2004 U.S. Dist. LEXIS 6616, at *9 (N.D. Ill. Apr. 16, 2004) (observing that “the rise of e-mail as the primary mode of corporate communication permits the broad dissemination and near-complete documentation of corporate communications,” which has forced additional complexity into the analysis of privilege claims involving corporate counsel).

[26] See Mac-Ray Corp. v. Ricotta, No. 03–CV–524S(F), 2004 U.S. Dist. LEXIS 32023, at *8 (W.D.N.Y. June 16, 2004) (holding that no privilege attached to various internal e-mails involving “routine business transactions” sent to corporate counsel for “review and approval”).

[27] See Sasha Danna, The Impact of Electronic Discovery on Privilege and the Applicability of the Electronic Communications Privacy Act, 38 Loy. L.A. L. Rev. 1683, 1697 (2005) (“[C]ourts have regarded with particular skepticism claims that e-mail messages are subject to the attorney-client privilege because they have either been copied or forwarded to in-house counsel.”).

[29] Byers v. Ill. State Police, No. 99-C-8105, 2002 U.S. Dist. LEXIS 9861, at *32 (N.D. Ill. June 3, 2002) (“[C]omputers have the ability to capture several copies (or drafts) of the same e-mail, thus multiplying the volume of documents. All of these e-mails must be scanned for both relevance and privilege.”).

[30] Gopal S. Patel, Note, E-mail Communication and the Attorney-Client Privilege: An Ethical Quagmire, 26 Whittier L. Rev. 685, 685 (2004) (“[E]-mail [] has made attorney-client contact communication much cheaper and easier. However, this benefit comes with a significant cost. The information that is passed on through this method of communication can be rather easily intercepted or inadvertently disclosed. These technological advancements pose very unique challenges to both attorneys and judges.”).

[36] See Jan Conlin & Andrew Pieper, Litigation: Keeping that Corporate Privilege, InsideCounsel (Sept. 27, 2012), http://www.insidecounsel.com/2012/09/27/litigation-keeping-that-corporate-privilege (“[I]f In re Google is any predictor, a party claiming privilege needs to make a ‘clear showing’ that the involved communication relates to in-house counsel working in her capacity as an attorney.”).

[38] See, e.g., Social Media, 10-8 Partner’s Rep., Aug. 2010, at 10, 12 (“[Seventy] percent of in[-]house lawyers between the ages of [thirty] and [thirty-nine] had used Facebook for personal reasons in the previous [twenty-four] hours and that [fifty] percent had used it for professional reasons in the previous week.”).

[39] Cf. Nicholas Carlson & Kamelia Angelova, CHART OF THE DAY: Email’s Reign is Over, Social Networking is the New King, Bus. Insider (Apr. 14, 2010, 4:11 PM), http://www.businessinsider.com/chart-of-the-day-social-networking-vs-email-usage-2010-4 (showing that social media usage has exceeded e-mail use since 2007).

[40] See discussion infra Part IV.A.

[41] See Carla R. Walworth et al., Privilege Law, its Global Application, and the Impact of New Technologies 8-10 (2012), available at www.americanbar.org/content/dam/aba/publications/young_lawyer/attorneyclientprivilege.authcheckdam.pdf (discussing recent case law regarding discovery and privilege on cloud and social media platforms).

[56] Upjohn Corp. v. United States, 449 U.S. 383, 389 (1981) (observing that the “purpose” of the privilege is “to encourage full and frank communication between attorneys and their clients and thereby promote broader public interests in the observance of law and administration of justice.”).

[59] See Note, Functional Overlap Between The Lawyer And Other Professionals: Its Implications For The Privileged Communications Doctrine, 71 Yale L. J. 1226, 1236-37 (1962) [hereinafter Functional Overlap] (discussing criticisms of the privilege and commentators who have sought to limit its application).

[60] See Note, Attorney-Client Privilege For Corporate Clients: The Control Group Test, 84 Harv. L. Rev. 424, 425-26 (1970) [hereinafter The Control Group Test] (noting the obvious exclusionary results that the privilege causes in discovery).

[61] See Lory A. Barsdate, Attorney-Client Privilege For The Government Entity, 97 Yale. L. J. 1725, 1729 (1988) (discussing how the privilege prevents the presentation of relevant evidence to a jury).

[63] See Trammel v. United States, 445 U.S. 40, 47-48 (1980) (explaining that a privilege analysis requires courts to eschew rigid guidelines given changing cultural norms and the factually intensive nature of such claims).

[64] Fed. R. Evid. 501.

[65] See generally United States v. Gillock, 445 U.S. 360, 367 (1980) (discussing proposed drafts of Rule 501 from 1973 and noting that “Congress substituted the present language of Rule 501 for the draft proposed by the Advisory Committee of the Judicial Conference of the United States to provide the courts with greater flexibility in developing rules of privilege on a case-by-case basis”).

[79] Diversified, 572 F.2d at 610-11; see also United States v. Chevron Texaco Corp., 241 F. Supp. 2d 1065, 1073 (N.D. Cal. 2002) (reciting the general rule that a “[c]ommunication between a client and its outside counsel are presumed to be made for the purpose of obtaining legal advice.” (citing Diversified, 572 F.2d 596)).

[85] Id. The matter was eventually remanded to the magistrate judge with the direction that he make findings consistent with the district court’s order. Id.; see also United States v. Chevron Texaco Corp., 241 F. Supp. 2d 1065, 1076 (N.D. Cal. 2002) (observing that “the presumption that attaches to communications with outside counsel does not extend to communications with in-house counsel.” (citing Chevron Corp., 1996 U.S. Dist. LEXIS 4154, at *8-11)).

[95] See id. at 359. The court also considered whether communications involving the company’s patent agents should be privileged. The court declined to do so. This aspect of the holding from United Shoe has been rejected in subsequent jurisprudence. See, e.g.,American Standard Inc. v. Pfizer Inc., 828 F.2d 734, 748 (Fed. Cir. 1987) (Newman, J., dissenting) (summarizing criticism of the United Shoe holding that did not extend the privilege to patent agents).

[96] Id. at 359-360.

[97] Id. at 360 (emphasis added).

[98] See United Shoe,89 F. Supp. at 359. While this explanation was provided in the context of outside counsel, it was subsequently applied with equal force to in-house counsel. See, e.g., Chore-Time Equip. Inc. v. Big Dutchman, Inc., 255 F. Supp. 1020, 1022 (W.D. Mich. 1966) (explaining that “Judge Wyzanski was also referring to house counsel when he said the privilege should not be lost merely because an attorney includes non-legal advice with legal advice”).

[99] United Shoe, 89 F. Supp. at 359.

[100] See id. (“Where a communication neither invited nor expressed any legal opinion whatsoever, but involved the mere soliciting or giving of business advice, it is not privileged” (citing United States v. Vehicular Parking, 52 F. Supp. 751 (D. Del. 1943)).

[101] See discussion infra Part II.C.3.a.

[102] See United Shoe, 89 F. Supp. at 359.

[103] See discussion infra Part II.C.3.b.

[104] See generally Simon, supra note 22.

[105] See id. at 973.

[106] See id. at 970.

[107] Id. at 973.

[108] Id.

[109] See Simon, supra note 22, at 955-56 (“Where corporations are involved, with their large number of agents, masses of documents, and frequent dealings with lawyers, the zone of silence grows large. Few judges—or legislators either, for that matter—would long tolerate any common law privilege that allowed corporations to insulate all their activities by discussing them with legal advisers. It is this risk, and this challenge, that underlie a number of attorney-client privilege problems peculiar to corporations.”).

[116] Lowy v. Comm’r of Internal Revenue, 262 F.2d 809, 812 (2dCir. 1959) (holding that the privilege did not apply since counsel and the defendant were engaged in a “business dealing” and not a legal matter).

[164] SeePreface to Rice, supra note 51 (Professor Rice apparently compiled “the only exhaustive work on the attorney-client privilege in the United States” through 35 years of work as a special master for complex litigation, researcher, and professor).

[191] See United States v. Segal, No. 02-CR-112, 2004 U.S. Dist. LEXIS 6616, at *9 (N.D. Ill. Apr. 16, 2004) (reasoning that the “rise of e-mail as the primary mode of corporate communication permits the broad dissemination and near-complete documentation of corporate communications”).

[192] Byers v. Ill. State Police, No. 99 C 8105, 2002 U.S. Dist. LEXIS 9861, at *32 (N.D. Ill. June 3, 2002) (explaining that e-mail has replaced many forms of traditional business communications such as “informal messages that were previously relayed by telephone or at the water cooler”).

[196] See Spahn, supra note 1, at 293 (noting that “[w]hile in the past conversations between legal and non-legal personnel may have simply been lost to the ether, now there are permanent records of nearly every ‘conversation’ conducted through . . . e-mails”).

[198] Fed. R. Evid. 502(d); see also Fed. R. Evid. 502 (advisory committee notes) (discussing the rule’s framework for addressing the problems associated with the inadvertent production of ESI).

[199] Danna, supra note 27, at 1700 (explaining that “the temptation to withhold non-privileged e-mail messages directed to or sent by corporate counsel has grown with the overall increase in communications running to or from corporate counsel due to e-mail.”).

[221] See,e.g., Baklid-Kunz, 2012 U.S. Dist. LEXIS 158944, at *14-15 (holding that several e-mails identified in the privilege log involving internal counsel were not privileged).

[222] See Fed. R. Civ. P. 26 (b)(5)(A)(ii). Rule 26(b)(5)(A) requires parties to “describe the nature of the documents, communications, or tangible things not produced or disclosed—and do so in a manner that, without revealing information itself privileged or protected, will enable other parties to assess the claim.” Id. The failure to serve a timely and adequate privilege log could result in a waiver of the privilege’s protection. See Burlington N. & Santa Fe Ry. Co. v. United States Dist. Court for Dist. of Mont., 408 F.3d 1142, 1149-50 (9th Cir. 2005) (finding that a tardy and inadequate privilege log resulted in a privilege waiver); Kevin Brady, Top 10 Things You Never Hear on Privilege Logs,eSpectable.com (Jan. 10, 2013), http://espectable.com/942/.

[229] See id. at *15 (reasoning that where in-house counsel is deployed on business instead of legal matters, the organization claiming the privilege must satisfy “a particular burden . . . to demonstrate why communications [involving counsel] deserve protection and are not merely business documents.”).

[245] The consequences of such scrutiny are not limited to privilege arena. The collateral impact includes a dramatic rise in attorney fees relating to privilege log litigation. SeeUnv’l Serv. Fund, 232 F.R.D. at 674 (lamenting the expense associated with the preparation of a privilege log which requires litigants to separately identify each message from an e-mail string). There are efforts being made to reverse this trend, though it is unclear whether they will ultimately be successful given the factors identified in this Subsection. See John M. Facciola & Jonathan M. Redgrave, Asserting and Challenging Privilege Claims in Modern Litigation: The Facciola-Redgrave Framework, 4 Fed. Cts. L. Rev. 19, 49 (2009) (arguing that in certain instances parties should be required to log only the so-called “last-in-time” message in an e-mail string).

[251] See id. at 260 (explaining that “litigants who fail to request electronic data will never find many files through traditional means of paper discovery”).

[252] See, e.g.,Byers v. Ill. St. Police, No. 99 C 8105, 2002 U.S. Dist. LEXIS 9861, at *32 (N.D. Ill. June 3, 2002) (observing that “computers have the ability to capture several copies (or drafts) of the same e-mail, thus multiplying the volume of documents. All of these e-mails must be scanned for both relevance and privilege.”).

[305] See Allison Walton, Social Media and eDiscovery: New Kid on the Block, but the Same Story, e-discovery 2.0 (Sept. 30, 2011), http://www.clearwellsystems.com/e-discovery-blog/2011/09/30/social-media-and-ediscovery-new-kid-on-the-block-but-the-same-story/ (describing social media as the “new e-mail” and discussing related discovery challenges).

[306] See Social Networking Popular Across Globe, Pew Research (Dec. 12, 2012), http://www.pewglobal.org/2012/12/12/social-networking-popular-across-globe/ (“In countries such as Britain, the United States, Russia, the Czech Republic and Spain, about half of all adults now use Facebook and similar websites.”).

[307] See Peter J. Pizzi, Where Cyber and Employment Law Intersect, Risks for Management Abound, Aspatore, July 2011, at *1, available at 2011 WL 3020563 (“By 2014, some say that social media will replace upwards of 20 percent of the use of workplace e-mail.”); see Nielsen, State of the Media: The Social Media Report 2012 1, 2 ( 2012), http://www.nielsen.com/content/dam/corporate/us/en/reports-downloads/2012-Reports/The-Social-Media-Report-2012.pdf (The prevalence of personal use of social networking sites has arguably fueled its popularity in the business world.).

[308] See Matt Silverman, How Lawyers Are Using Social Media for Real Results, Mashable (June 1, 2010), http://mashable.com/2010/06/01/lawyers-social-media/ (“[I]n-house attorneys now are using new media platforms to deepen their professional networks; to obtain their legal, business, and industry news and information; and to enrich their social and personal lives. Most importantly, they expect that trend to accelerate in the future.”).

[310] See Wendy L. Patrick, “Proceed With Caution” Navigating The Latest Ethical Rules, TSTJ08 ALI-ABA 27, 45 (2012) (“[M]any lawyers are actively using these [social networking] sites to share information about their professional lives and showcase their accomplishments.”); Meghan Ennes, Social Media: What Most Companies Don’t Know, Har. Bus. Rev., http://hbr.org/web/slideshows/social-media-what-most-companies-dont-know/1-slide (last visited Nov. 24, 2013) (showing that in 69% of organizations, the marketing department is responsible for development of social media strategy).

[311] SeeSocial Media, supra note 38, at 12 (“[Seventy] percent of in[-]house lawyers between the ages of [thirty] and [thirty-nine] had used Facebook for personal reasons in the previous [twenty-four] hours and that [fifty] percent had used it for professional reasons in the previous week.”).

[320] Sharing Ideas, Questions, Articles and Website Links, LinkedIn, http://help.linkedin.com/app/answers/detail/a_id/434 (last visited Nov. 3, 2013) (“You can share thoughts, articles or other content-rich websites with others from several places. This is sometimes known as posting an update or sharing an update.”)

[321] Wall Definition, Facebook, https://www.facebook.com/help/266010756746812/?q=wall&sid=06199PxbSjxjs2yZp (last visited Nov. 3, 2013) (“Your Wall is the space on your timeline where you and friends can post and share.”).

[322] How to Post a MySpace Profile Comment,For Dummies, http://www.dummies.com/how-to/content/how-to-post-a-myspace-profile-comment.html (last visited July 30, 2013) (“Posting a Profile Comment on MySpace is an easy and effective way to communicate with the members of your Friend List.”).

[324] What Is reddit?, reddit, http://www.reddit.com/wiki/faq (last visited Nov. 3, 2013) (“reddit is a source for what’s new and popular on the web. Users like you provide all of the content and decide, through voting, what’s good and what’s junk.”).

[340] Hillsdale Envtl. Loss Prev. Inc. v. United States Army Corps of Eng’rs, CIV. A. 10-2008-CM-DJW, 2011 U.S. Dist. LEXIS 30376, at *8 (D. Kan. Mar. 23, 2011) (citing New Jersey v. Sprint, 258 F.R.D. 421, 426 (D. Kan. 2009) (noting that the privilege is generally lost if the client voluntarily reveals the contents of an otherwise privileged discussion to a third party).

[341] This limitation does not include third party agents of lawyers. See Rice, supra note 51, at §3:3 at 13-21 (2010) (“To the extent that the communications would have been protected had they been with the attorney, courts have extended the privilege to the substantive advice and assistance of associates, investigators, interviewers, technical experts, accountants, physicians, patent agents, and other specialists in a variety of social and physical sciences.”).

[345] Mallory Allen & Aaron Orheim, Get Outta My Face(Book): The Discoverability of Social Networking Data and the Passwords Needed to Access Them, 8 Wash. J.L. Tech. & Arts 137, 146 (2012) (“Litigants attempting to invoke their right to privacy based on a reasonable expectation that information stored on either Facebook or MySpace is private may face difficulty overcoming the fact that according to the plain language of most social networking sites’ policies, little to no privacy is guaranteed.”).

[346] Barring some exceptional circumstance, the employees’ knowledge and understanding would be imputed to the organization under basic agency principles. See generally Restatement (Third) Of Agency § 5.03 (2006).

[349] McMillen v. Hummingbird Speedway, Inc., No. 113-3010CD, 2010 Pa. Dist. & Cnty. Dec. LEXIS 270, at *5-6(“Yet reading [Facebook and MySpace’s] terms and privacy policies should dispel any notion that information one chooses to share, even if only with one friend, will not be disclosed to anybody else.”).

[355] Evan E. North, Note, Facebook Isn’t Your Space Anymore: Discovery of Social Network Websites, 58 U. Kan. L. Rev. 1279, 1300 (2010) (arguing that the body of privacy law regarding e-mail correspondence should likewise apply to direct messages sent through social networking sites). While there is perhaps a logical analogy between e-mail and direct social media communications for purposes of privacy law, that analogy is not equally applicable to the issue of confidentiality under the attorney-client privilege. As the Crispin court illustrates, individuals can enjoy a reasonable expectation of privacy in their communications even though third parties may be privy to their messages. Crispin, 717 F. Supp. 2d at 991; see supra notes 340-44 and accompanying text.

[373] See Philip Favro, Look Before You Leap! Avoid Pitfalls When Moving e-Discovery to the Cloud, Law J. Newsls., Apr. 2012, available at http://www.lawjournalnewsletters.com/issues/ljn_legaltech/30_1/news/156573-1.html.

[374] See, e.g., Ned Smith, Why More Businesses Are Using Cloud Computing, CNBC (July 25, 2012, 1:00 PM), http://www.cnbc.com/id/48319526/Why_More_Businesses_Are_Using_Cloud_Computing (“More than eight in 10 companies currently use some form of cloud solution, and more than half plan to increase cloud investments by 10 percent or more this year . . . . [M]ore than half of micro (one to nine employees) and small (10 to 99 employees) businesses use cloud-based business productivity applications.”); Nicole Black, Introduction, to Global Cloud Survey Report 2012, Legal IT Professionals 4, 7 (2012), available at http://www.legalitprofessionals.com/wpcs/cloudsurvey2012.pdf (“[N]early all respondents acknowledged that cloud computing would ultimately overtake on-premise computing in the legal industry . . . .”).

[375] For the enterprise, the allure of cloud computing is cost savings. See Smith, supra note 374. The cost to store company ESI in the cloud may be significantly lower than the cost to add more hardware to accommodate growing digital stores. In addition, cloud computing offers the opportunity to slash overhead expenses by decreasing employee headcount and reducing server repair and maintenance.

[376] Cf. Symantec, Avoiding the Hidden Costs of the Cloud 4, 8, (2013), available at https://www.symantec.com/content/en/us/about/media/pdfs/b-state-of-cloud-global-results-2013.en-us.pdf (finding that “[o]rganizations of all sizes are moving ahead with cloud implementations” and that 34% of organizations surveyed have had eDiscovery requests for cloud data but 66% missed the discovery deadline and 41% were unable to meet the discovery request).

[379] See Peter Mell & Timothy Grance, Nat’l Inst. of Standards &Tech., The NIST Definition of Cloud Computing 1-3 (2011), available at http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.“Public clouds” fit most closely into the paradigm discussed in this Subsection. However, certain providers of “private clouds” and “hybrid clouds” also fall within the scope of this discussion since they offer third party hosted services. Nevertheless, the cloud industry typically characterizes a private cloud provider as furnishing a third party service that is hosted on the contracting company’s site and behind the firewall of that company. In contrast, a hybrid cloud “is a composition of two or more distinct cloud infrastructures (private, community, or public)” bound together for interoperability. Id.

[380] For example, Dropbox fees range from $795/year for small (fewer than five) member teams to $31,420/year for large (250) member teams. Pricing, Dropbox, https://www.dropbox.com/business/pricing (last visited Nov. 3, 2013).

[383] See Roberta Cooper Ramo, Ethics for American Lawyers in the Age of Twitter and the Cloud, 72 Mont. L. Rev. 227, 233 (2011) (“It is less expensive to use so-called cloud servers to save massive amounts of material and at the same time have it accessible from virtually any place on the planet. The question is, of course, if it is accessible to you, to whom else might the material be available on an unauthorized basis? . . . . Are you putting your clients’ confidential information at risk?”).

[394] Cf. Yenny Teng-Lee, Comment, Fourth Amendment Protection for Users’ Information Stored in the Cloud: The Case of Mint.com, 17 Intell. Prop. L. Bull. 65, 70-72, 79-84 (2012) (analyzing the third party doctrine and the impact of cloud SLAs on users’ reasonable expectation of privacy in the fourth amendment context).

[395] See Jay E. Grenig et al., 1 eDiscovery & Digital Evidence § 2:11 (2012) (“Case law has not yet caught up with cloud computing, but legal commentators have begun to explore the possible ramifications of this new ESI phenomenon.”); supra Part IV.A.3.

[396] See supra Part IV.A.3.

[397] See In re Royce Homes, LP, 449 B.R. 709, 744 (Bankr. S.D. Tex. 2011) appeal dismissed, 466 B.R. 81, 94 (S.D.Tex. 2012).; see also Report of the New York State Bar Association’s Task Force on Privacy 53 (2009), available at http://old.nysba.org/Content/NavigationMenu60/PrivacyInitiativeTaskForceHome/NYSBAPrivacyRptFinalHOD4309.pdf(“In general, these TOU and Privacy Policies do not afford the necessary level of restriction and protection for privileged client information and attorney work product, or information protected by a right of privacy, so that an attorney professionally and ethically cannot agree to subject such information to those TOU and Privacy Policy. In that case it will be impermissible for an attorney to use cloud computing, cloud storage or virtual computing in his or her practice.”).

[398] See City of Ontario v. Quon, 560 U.S.746, 130 S. Ct. 2619, 2630 (2010) (“And employer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.”).

[399] See Hanson v. First Nat’l Bank, No. 5:10-0906, 2011 U.S. Dist. LEXIS 125935, at *23 (S.D. W. Va. Oct. 31, 2011) (finding that a party, knowing that his employer “could access and monitor his e-mail communications with his criminal attorney, had no objectively reasonable expectation of privacy or confidentiality in them and effectively waived the attorney-client privilege” in using his employer’s computer system to communicate with his attorney.).

[400] See supra note 384 and accompanying text.

[401] See Reserve Fund Sec. & Derivative Litig. v. Reserve Mgmt. Co., 275 F.R.D. 154, 164 (S.D.N.Y. 2011); see also United States v. Finazzo, No. 10-CR-457(RRM)(RML), 2013 U.S. Dist. LEXIS 22479, at *33-34 (E.D.N.Y. Feb. 19, 2013) (finding that an employee had no reasonable expectation or confidentiality in e-mails sent through his employee account because the employer “had a clear and long-consistent policy of limiting an employee’s personal use of its systems, reserving its right to monitor an employee’s usage of the system, and making abundantly clear to its employees . . .that they had no right to privacy when using them.”).

[405] Bob Ambrogi, Florida Legal Ethics Opinion Clears Way for Cloud Computing,Catalyst(Feb. 14, 2013), http://www.catalystsecure.com/blog/2013/02/florida-legal-ethics-opinion-clears-way-for-cloud-computing/ (noting that many states have adopted ethics opinions regarding the use of cloud computing and that they almost universally condone the use of cloud storage “provided [lawyers] exercise due diligence to ensure that the cloud provider maintains adequate safeguards to protect the confidentiality and security of client information”).

[406] See, e.g.,Pa. Bar Ass’n Comm. on Legal Ethics & Prof’l Responsibility, Formal Op. 2011-200, 13 (2011), available at http://www.slaw.ca/wp-content/uploads/2011/11/2011-200-Cloud-Computing.pdf (“Generally, the consensus is that, while ‘cloud computing’ is permissible, lawyers should proceed with caution because they have an ethical duty to protect sensitive client data. In service to that essential duty, and in order to meet the standard of reasonable care, other Committees have determined that attorneys must (1) include terms in any agreement with the provider that require the provider to preserve the confidentiality and security of the data, and (2) be knowledgeable about how providers will handle the data entrusted to them. Some Committees have also raised ethical concerns regarding confidentiality issues with third-party access or general electronic transmission (e.g., web-based [e-mail]) and these conclusions are consistent with opinions about emergent ‘cloud computing’ technologies.”).

[407] See, e.g.,N. C. State Bar Ass’n, Formal Op. 6 (2011), Subscribing to Software as a Service While Fulfilling the Duties of Confidentiality and Preservation of Client Property (last modified Jan. 27, 2012), available at http://www.ncbar.gov/ethics/printopinion.asp?id=855 (follow “Adopted Opinions” hyperlink under “Ethics” tab; then search by title) (providing a list of recommended security measures a lawyer should take when working with a cloud provider, including issuing an agreement on “how the vender will handle confidential client information in keeping with the lawyer’s professional responsibilities”).

[409] See United States v. ChevronTexaco Corp., 241 F. Supp.2d 1065, 1076-77 (N.D. Cal. 2002) (observing that in-house counsel invariably occupy the roles of lawyer and client on behalf of the organization).

[410] To the extent client and counsel took reasonable steps in this regard, subsequent third party access to communications could arguably be considered an “inadvertent disclosure” and not a waiver of the privilege. See Fed. R. Evid. 502(b).

[411] See Greg Day, Overview from Greg Day On the Topic of Bring Your Own Device—The Challenges Facing Today and How This Trend Will Evolve in the Future, Symantec, http://www.symantec.com/tv/news/details.jsp?vid=1555866669001 (last visited Nov. 1, 2013) (describing the BYOD trend and associated challenges).

[416] See Henry Z. Horbaczewski & Ronald I. Raether, Know the Privacy and Security Issues Before Inviting Employee-Owned Devices to the Party, ACC Docket, Apr. 2012, at 71, 72 (“Security starts with knowing what data resides where, and who has access to that data. With employee-owned devices, the main unique issue from a security perspective is loss of control.”).

[419] See Bryan T. Allen, The Legal Side of Bring Your Own Device (BYOD), Parr Brown Gee & Loveless (Feb. 27, 2013), http://www.parrbrown.com/newsevents/articles/view/272 (“The most important provisions in a BYOD policy are the provisions designed to protect the company’s confidential information from getting into the hands of third parties or being used by an employee for non-company purposes.”).

[420] See Reece Hirsch, What Every General Counsel Should Know About Privacy and Security: 10 Trends for 2013,12 Privacy & Security L. Rep. 128 (2013), available at http://www.morganlewis.com/pubs/BNA_WhatEveryGCShouldKnow_28jan13.pdf (“If a company’s security policy calls for encryption of all company-owned mobile devices, but an employee uses his or her own unencrypted smartphone to store company data and that phone is hacked, then it could be argued that the company has not met the standard for reasonable security.”); Horbaczewski, supra note 416, at 71, 72.

[421] See Lisa Milam-Perez, Littler Mendelson Attorney Warns of Pitfalls of “BYOD”, Wolters Kluwer (July 29, 2012), http://www.employmentlawdaily.com/index.php/2012/07/29/littler-mendelson-attorney-warns-of-pitfalls-of-byod/ (describing best practices for BYOD policies: “No use by friends and family members! ‘I got the most guff for this one . . . and I imagine you probably will too. I know your kid likes to play Angry Birds, and I know you bought it with your own money,’ but it’s an essential control . . . .”);Privacy Roundtable Highlights, Recorder(Mar. 5, 2013), http://www.law.com/jsp/ca/PubArticleCA.jsp?id=1202591017099 (discussing the risk of misappropriation of company data by family members sharing devices that may also be used for work under BYOD policies).

[424] To that end, the guidelines that various bar organizations promulgated regarding the implications for the privilege by the use of cloud computing would undoubtedly figure into this analysis. Seesupra notes 404-07.

[446] Susan Ross, Unintended Consequences of Bring Your Own Device, Law Tech. News (Mar. 7, 2013), http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202591156823&thepage=1 (discussing the role of company policy and potential loss of personal information stored on a BYOD); see also Hirsch, supra note 420.

[447]See, e.g.,Milam-Perez, supra, note 421.

[448] Day, supra note 411 (discussing the challenges of developing BYOD policies and infrastructure that can accommodate the variety of consumer operating systems).